
Cellular Exploits in the Iran-Israel Conflict and How Pentesting Mirrors Modern Warfare

In the evolving conflict between Iran and Israel, the battlefield has extended beyond land and air. Cellular infrastructure—once considered benign—is now a weapon, a target, and a liability.

From drone command-and-control to real-time surveillance via rogue base stations, we're witnessing cyber-physical warfare in which cellular networks are both the transport layer and the attack surface.

For penetration testers, this is more than a geopolitical drama. The same tools pentesters use to simulate attacks against LTE/5G-connected infrastructure are being deployed in active war zones. The emerging use of these state-sponsored tactics shows just how close pentesting tools and techniques, built on open-source research and tooling, are to the real thing.

This post shows how the real-world cellular exploits used during the Iran-Israel conflict were previously disclosed in the Awesome-Cellular-Hacking repository, the number one consolidated source of cellular hacking material on the internet.

Part of the “Awesome Hacking” consolidation of open source infosec teaching material on the internet

The fact that these are state-sponsored attacks does not stop other adversaries from using the same exploits in other realms, and pentesters can help identify the weaknesses that might be attacked. Below are five ways the tactics of cyber warfare are relevant to what we do as pentesters.

1. LTE-Controlled Drones: IoT With Modems on the Move

Real-world event: 

  • In 2025, Israeli intelligence reportedly smuggled quadcopters into Iran. They covertly assembled them in-country to launch precision strikes against radar and air defense stations, all coordinated over commercial LTE links (Euronews).
  • A covert Mossad drone base provided local, low-power cellular control to avoid traditional radio frequency (RF) tracking (DroneLife).

Pentest analogy: Many commercial and industrial drones (and even delivery robots) use Quectel or SIM7600 modems to communicate with cloud platforms. These modems have known CVEs and vulnerabilities, from command injection to traffic interception. A compromised modem gives you control over the drone or IoT device.

2. Rogue Base Stations: Tracking and Targeting

Real-world event: Iranian scientists and military officials had their phones confiscated after Iran’s Cyber Command warned that connected devices could be leveraged for location tracking by Israeli stingrays (Politico). Hezbollah likewise banned smartphones and switched to pagers and landlines when intelligence indicated cellphone-based geolocation was leading to targeted killings (ABC News).

Pentest analogy: Open-source 4G/5G software-defined cell towers and specialized tools enable the creation of fake eNodeBs. These fake cellular access points forcefully downgrade the cellular connection of any device nearby. When in proximity to a fake eNodeB, your cellular device is prompted to connect, revealing its IMSI or exposing it to downgrade attacks.
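The defensive counterpart to this behaviour, as an added example that is not part of the original post: a monitor that reviews a modem's serving-cell history and flags cells outside a surveyed allowlist, rating them highest when the move coincides with a drop to an older radio technology. The record format, the `review` function, the allowlist and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

# Higher rank = newer generation; a drop in rank is a downgrade.
RAT_RANK = {"GSM": 2, "UMTS": 3, "LTE": 4, "NR": 5}

@dataclass(frozen=True)
class CellObs:
    ts: int       # seconds since start of the log
    rat: str      # radio access technology reported by the modem
    plmn: str     # MCC + MNC
    tac: int      # tracking / location area code
    cell_id: int

def review(observations, known_cells):
    """Return (ts, severity, reason) for serving-cell changes worth a look."""
    alerts, prev = [], None
    for obs in sorted(observations, key=lambda o: o.ts):
        unknown = (obs.plmn, obs.tac, obs.cell_id) not in known_cells
        downgrade = prev is not None and RAT_RANK[obs.rat] < RAT_RANK[prev.rat]
        if unknown and downgrade:
            alerts.append((obs.ts, "high",
                           f"{prev.rat}->{obs.rat} onto unsurveyed cell"))
        elif unknown:
            alerts.append((obs.ts, "medium", "unsurveyed cell"))
        elif downgrade:
            alerts.append((obs.ts, "low", f"{prev.rat}->{obs.rat} on known cell"))
        prev = obs
    return alerts

# Constructed data: PLMN 001/01 is the test-network code, cell values are made up.
KNOWN = {("00101", 100, 6701), ("00101", 100, 6702), ("00101", 10, 4001)}
LOG = [
    CellObs(0, "LTE", "00101", 100, 6701),
    CellObs(300, "LTE", "00101", 100, 6702),   # ordinary handover
    CellObs(320, "GSM", "00101", 999, 65000),  # forced down to an unknown cell
    CellObs(900, "LTE", "00101", 100, 6701),
    CellObs(1500, "GSM", "00101", 10, 4001),   # coverage fallback, known cell
]
```

For a fixed installation the allowlist can come from a site survey; a downgrade onto a known cell is kept at low severity because ordinary coverage fallback looks the same.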

3. SIM Cloning and eSIM Surveillance

Real-world event: The Financial Times revealed Israel supplied encrypted smartphones disguised as everyday devices to Iranian dissidents. These phones used cloned SIM credentials to exfiltrate data that appeared to come from legitimate Iranian sources (FT).

Pentest analogy: We test SIM abuse with open-source tools to simulate cloned ICCID/Ki values. eSIM provisioning flows are also being abused. These flows represent weak points in authentication and can be a Trojan horse for persistent attackers.

4. Booby-Trapped Messaging Systems

Real-world event: In "Operation Grim Beeper," pagers distributed to Hezbollah fighters were remotely detonated, causing mass casualties. Devices once considered safe alternatives to smartphones became a deadly trap (DW, Carnegie).

Pentest analogy: Many legacy and embedded devices still accept binary SMS, OTA, and provisioning payloads that can be fuzzed or exploited for RCE or denial-of-service attacks.
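One way to screen for such messages before they reach a legacy device, as an added example that is not part of the original post: a triage step that parses the SMS-DELIVER header and reports why a message is not ordinary text, treating truncated or malformed PDUs as a finding of their own. It assumes messages are available as hex PDUs (for example from a modem in PDU mode or an SMS gateway); the function names and both sample PDUs are constructed, and the payload bytes are zero filler.

```python
# Field layout per 3GPP TS 23.040 / 23.038. All sample PDUs are constructed.
# TP-PID values that route a message to the SIM or modem, not the inbox.
SPECIAL_PID = {0x40: "type0-silent", 0x7D: "me-data-download",
               0x7E: "me-depersonalization", 0x7F: "usim-data-download"}

def parse_deliver(pdu_hex):
    """Extract header fields from an SMS-DELIVER PDU (SMSC prefix included)."""
    b = bytes.fromhex(pdu_hex)
    i = 1 + b[0]                      # skip SMSC length octet and SMSC address
    first = b[i]
    if first & 0x03 != 0:             # TP-MTI must be 00 for SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    oa_digits = b[i + 1]              # originator length, counted in digits
    i += 3 + (oa_digits + 1) // 2     # first octet, length, type, digits
    pid, dcs = b[i], b[i + 1]
    i += 2 + 7                        # PID, DCS, 7-octet timestamp
    udl, ud = b[i], b[i + 1:]
    iei = []
    if first & 0x40 and ud:           # TP-UDHI: user data begins with a header
        hdr, j = ud[1:1 + ud[0]], 0
        while j + 1 < len(hdr):       # walk IEI / length / data triplets
            iei.append(hdr[j])
            j += 2 + hdr[j + 1]
    return {"pid": pid, "dcs": dcs, "udl": udl, "iei": iei}

def classify(pdu_hex):
    """Return reasons to quarantine the PDU; an empty list means plain text."""
    try:
        f = parse_deliver(pdu_hex)
    except (ValueError, IndexError):  # bad hex or truncated header
        return ["malformed"]
    dcs, reasons = f["dcs"], []
    general, class_grp = (dcs & 0x80) == 0, (dcs & 0xF0) == 0xF0
    if f["pid"] in SPECIAL_PID:
        reasons.append(SPECIAL_PID[f["pid"]])
    if (general and ((dcs >> 2) & 3) == 1) or (class_grp and dcs & 0x04):
        reasons.append("8bit-data")
    if ((general and dcs & 0x10) or class_grp) and (dcs & 0x03) == 2:
        reasons.append("class2-sim")
    if any(0x70 <= x <= 0x7F for x in f["iei"]):
        reasons.append("sim-toolkit-security-header")
    if any(x in (0x04, 0x05) for x in f["iei"]):
        reasons.append("application-port")
    return reasons

HDR = "07910100000000F0"              # constructed SMSC prefix
PLAIN = HDR + "04" + "04812143" + "0000" + "52101000000000" + "05E8329BFD06"
OTA = HDR + "44" + "04812143" + "7FF6" + "52101000000000" + "0702700000000000"
```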

5. SIM Lifecycle Abuse and Lateral Movement

Real-world event: Israeli intelligence has reportedly compromised Iranian industrial routers and security cameras by tracking re-used SIMs, allowing lateral movement into air-gapped networks (Capacity Media).

Pentest analogy: SIMs reused across multiple devices can become shared secrets across a fleet. Once compromised, they allow tracking, reconfiguration, or access into otherwise segregated systems.
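A fleet-side check for this condition, as an added example that is not part of the original post: an audit over network attach records that reports every SIM seen behind more than one device and rates it higher when those devices sit in different network segments. The event format, the `audit_sim_reuse` function, the segment names and all identifiers are constructed placeholders.

```python
from collections import defaultdict

def audit_sim_reuse(attach_events):
    """Report SIMs that have appeared in more than one device.

    Each event is (timestamp, iccid, imei, segment). A SIM seen behind
    several IMEIs is a shared credential; if those devices sit in
    different segments, the SIM also bridges them.
    """
    seen = defaultdict(list)
    for ts, iccid, imei, segment in sorted(attach_events):
        seen[iccid].append((imei, segment))
    findings = {}
    for iccid, hops in seen.items():
        # dict.fromkeys de-duplicates while keeping first-seen order
        imeis = list(dict.fromkeys(imei for imei, _ in hops))
        segments = sorted({seg for _, seg in hops})
        if len(imeis) > 1:
            findings[iccid] = {
                "imeis": imeis,
                "segments": segments,
                "severity": "high" if len(segments) > 1 else "medium",
            }
    return findings

# Constructed attach log; identifiers are placeholders, not real ICCIDs or IMEIs.
EVENTS = [
    (1, "ICCID-0001", "imei-router-a", "ot-plant"),
    (2, "ICCID-0002", "imei-cam-b", "perimeter-cctv"),
    (5, "ICCID-0001", "imei-cam-c", "perimeter-cctv"),   # SIM moved across segments
    (7, "ICCID-0003", "imei-router-d", "ot-plant"),
    (9, "ICCID-0003", "imei-router-e", "ot-plant"),      # swap inside one segment
    (11, "ICCID-0002", "imei-cam-b", "perimeter-cctv"),  # same device re-attaching
]
```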

Final Thoughts

The Iran-Israel conflict is a testbed for high-stakes wireless operations. But these aren't just exotic nation-state exploits. These flaws are already in everyday networks. Cellular modems in your phone, military drones, legacy industrial gear, and IoT/field-deployed devices are being used every day in a hybrid cyber-kinetic war. The attack surface has shifted. Pentesters always have to be agile to keep up with the evolving landscape of cyber warfare.

To learn more about Cobalt and our elite pentester community, visit our Cobalt Core page.

About Adam Toscher
Adam Toscher is a seasoned Cybersecurity Professional, Offensive Security Engineer, and Red Team Operator with over 20 years of experience across IT and cybersecurity, specializing in identifying critical vulnerabilities and developing advanced, actionable defensive strategies for Fortune 500 companies and government agencies. A recognized authority, he's best known for coining "Top 5 Ways To Get Domain Admin Before Lunch" and is a sought-after international speaker and prolific author of cornerstone cybersecurity blogs, consistently ranking at the top for red teaming and pentesting.