February 25, 2018

Main » Strava app's fitness tracking data could harm United States military operational security

Strava app's fitness tracking data could harm United States military operational security

30 January 2018

Data from fitness trackers that clearly show the movement of personnel at USA military bases is sparking major concerns, with experts citing potential dangers to base security. The California-based company calls itself "the social network for athletes", saying that its mobile apps and website connect millions of people every day.

The data could provide information to someone who wants to attack or ambush troops, the Washington Post reported.

Further, although user identity is not public information, Strava Labs, the maker of the app, has access to this data and therefore so potentially do hackers, points out the Daily Beast.

If anyone were to hack Strava, he said, they might be able to connect a particular user with a particular route. The map of Afghanistan is a spiderweb of lines connecting bases, showing supply routes, as is northeast Syria, where the United States maintains mostly unpublicised bases.

The Strava app allows users to record their activity using Global Positioning System over a phone or wearable devices such as Fitbit, a device popular among us forces.

The San Francisco-based company said data used in the map was made anonymously and doesn't include data "marked as private and user-defined privacy zones". It allows users to count how much exercise they've done and share it with others, a fairly innocuous use and a common one with fitness trackers.

Militaries across the world are being forced to look into their security policies after the Strava app accidentally gave away the locations of secret bases and supply routes.

The app, which maps people's exercise habits via GPS and enables them to share their running routes, published an updated version of its global heatmap back in November.

Schneider said his focus is on Syria, but the trick "obviously works all over". And this can't really be put on Strava, as the app is upfront with the data it collects.

Indeed the bases which are visible on the Strada heat maps can not be seen on Google Maps or Apple's Maps. "US Bases are clearly identifiable and mappable".

In an interview with the BBC, Ruser explained that he discovered the security vulnerability last week: "I just looked at it and thought, oh hell, this should not be here - this is not good".

"Whether you are concerned about someone knowing where you are, where you ran or where you live, we've got the tools to help you take control", the company said.

"Our global heat map represents an aggregated and anonymized view of over a billion activities uploaded to our platform", Strava said in a statement obtained by Gizmodo.

Strava app's fitness tracking data could harm United States military operational security