Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq — Nathan Ruser (@Nrg8000) January 27, 2018
The popular fitness tracking app Strava collects runners’ data from their phones to create “heat maps,” giving users access to what routes other runners are taking.
Unfortunately, the app is highly popular among United States soldiers, and as a result, the app is collecting location information that should remain under wraps, such as secret military bases.
Now, the Pentagon is reviewing its GPS policies to make sure that the location of secret military bases remains private.
BBC reports that soldiers using Strava give the app access to their GPS, and the data the app collects in turn gives anyone with access enough information to work out users' basic location. By following that data, anyone can eventually figure out where secret military bases are located, which is exactly what Nathan Ruser, an international security student in Australia, did.
Tracking data for Fitbit and other devices reveals covert military bases in Africa, Central Asia as soldiers often forget to activate GPS privacy mode https://t.co/cYOzmN4GoR — WikiLeaks (@wikileaks) January 29, 2018
According to Ruser, the best way to address this problem is to talk about it.
“I just looked at it and thought, ‘Oh hell, this should not be here — this is not good,'” Ruser said about military personnel on active service using the app and sharing their location data publicly. “I thought the best way to deal with it is to make the vulnerabilities known so they can be fixed. Someone would have noticed it at some point. I just happened to be the person who made the connection.”
While it’s obvious that the app isn’t just collecting data from U.S. soldiers, the vulnerabilities are real, and they may impact national security if enough data is collected over time.
However, this is a problem the company itself had anticipated. After all, the company behind the technology already urges military personnel to shut off the data sharing option. So officials may have ignored or simply overlooked the dangers posed by modern technology, as soldiers apparently continue to use apps like Strava regularly.
This goes to show that even those who are trained to put security first aren’t as careful about their privacy as one would expect.
Banner and thumbnail credit: Reuters, Mike Segar