An activity heat map published by Strava has inadvertently revealed key locations of military bases across the world including those in conflict zones like Syria, Iraq etc. Stava is a “social network for athletes” which essentially allows one to track their running session or any other kind of physical activity and post it on their board.
Strava had announced an update for their heat map in November which displayed a global hotspot of user activity comprising of over 1 billion activities.
Now, by going through this global heat map and with previously available information, security researchers and analysts were quick to find out military bases of the US military and offices of intelligence agencies.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
As if that was not enough, the data could potentially also help one figure out the “patterns of life” of an individual working in the military or intelligence agency.
Security researcher Paul Dietrich claims that he was able to use the data scraped from Strava’s website to track a French soldier from overseas deployment to all the way back home. This sounds easier than you think as one can simply follow the feed of a soldier and see their activity location over a period of days and weeks to track their lifestyle and routines.
While the heat map was uploaded by Strava, the company is not to be blamed here. It just collects user data anonymously and then uses it to create a heat map. It even offers the option of opting out of uploading location data to its servers which ideally military and security personnel should have made use of. However, given their lack of training in this regard, they did not think it was necessary to do so. On the bright side, Strava’s data has not been reported to be used for carrying out an attack on any of the hidden military bases or intelligence agencies.
Nonetheless, this revelation will now force the U.S military and other intelligence agencies to reconsider their approach towards fitness tracking apps.[Via Ars]