Heat map courtesy of Strava.
Summary: The fitness app Strava compromised military security by showing troops’ locations.
A fitness tracking app exposed military members’ locations and schedules, and this unintentional security violation prompted the U.S. Central Command to refine its privacy policies, according to CNN.
The app, Strava, allows users to create profiles and share running routes. It was billed as a “social network for athletes.” In November, it released a new feature, a global heat map that was comprised of user data, and experts noticed that the map had the potential to reveal the location patterns of U.S. troops exercising at military bases in remote locations.
Strava said that it has tens of millions of users, and it is able to track its users’ exercise paths using GPS coordinates from phones, FitBits, and other fitness devices.
Nathan Ruser, an analyst for the Institute for United Conflict Analysts, wrote on Twitter that the heat map made base locations “clearly identifiable.”
“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any Pattern of life info from this far away,” Ruser stated.
The U.S. Central Command told CNN that it was reviewing its security policies, which include how to deal with wireless technology.
“The coalition is in the process of implementing refined guidance on privacy settings for wireless technologies and applications, and such technologies are forbidden at certain coalition sites and during certain activities. We will not divulge specific tactics, techniques and procedures,” the statement continued.
Strava users in the military have posted profiles of themselves, and some have worn their military uniforms in their pictures. According to CNN, the public can identify these individuals’ running routes from the website.
Experts said that people could figure out patrol routes or where people are deployed from the Strava app, and the app could also endanger government officials in dangerous locations.
Strava said that their global heat map was anonymous and had “over a billion activities.” It added that it did not post information from private zones. However, CNN noted that the heat map was heavily populated in developed parts of the world but showed activities in remote places or areas with conflict, which were tip-offs that these were military bases.
For instance, Strava users in Syria and Afghanistan appear to be exclusively U.S. military, The Guardian reported.
“In locations like Afghanistan, Djibouti and Syria, the users of Strava seem to be almost exclusively foreign military personnel, meaning that bases stand out brightly. In Helmand province, Afghanistan, for instance, the locations of forward operating bases can be clearly seen, glowing white against the black map,” The Guardian wrote. “Zooming in on one of the larger bases clearly reveals its internal layout, as mapped out by the tracked jogging routes of numerous soldiers. The base itself is not visible on the satellite views of commercial providers such as Google Maps or Apple’s Maps, yet it can be clearly seen through Strava.”
- Uber Sued for Massive Data Breach and Cover Up
- Target to Pay $10 Million to Settle Data Breach
- Military Prep Superintendent Says Treat People with Respect or Get out