MILITARY BIG-WIGS are likely face-palming all over the globe as it appears fitness-tracking app Strava has unknowingly leaked the location of army bases.
The firm uses phone or smartwatch GPS to track a user's activity in order to work out their workouts and calculate calorie-burning activities. Strava, clearly feeling proud as punch at its app's abilities, released a heat map in November showing the activity of users worldwide.
The heat map was formed out of data from a billion activities from across the globe and presents a pretty looking picture. But it has an accidental sting in its tail.
Military analyst Nathan Ruser, who's the founding member of the Institute for United Conflict Analysts, pointed out on Twitter that the heat map recorded activity that can use to work out where military bases are and the movement patterns of soldiers within them.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq— Nathan Ruser (@Nrg8000) 27 January 2018
Peruse the heat map and you'll see it's ablaze with activity in areas that can be easily identified as cities. Head to a dessert and you'll struggle to spot much in the way of fitness-fuelled light.
But look carefully, especially in areas that are known war zones, and you can spot pockets of activity following specific patterns. Now with a little nous you can cross reference the conflict zone with heat map and have a good stab at identifying the location of a military base; after all, we doubt many fitness raves are held in the depths of Afghanistan.
"It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable," said Ruser.
While some soldiers might indeed be fitness nuts keen to share their best activity sessions, the data Strava collects, while anonymous, poses a serious security problem.
A lot of US bases in conflict areas are known, so one might wonder what the big deal is given the firepower such locations easily outmatch that of enemy forces.
But with some analysis, the data could also provide the enemy combatants and terrorists with the intel they need to identify patrol roots, military activity, and potentially locate secret military sites.
The US military is apparently clamping down on the use of personal gadgets, especially those with tracking features. And it's worth noting that the data sharing in Strava can be turned off, meaning military types can still track their jogs without sharing their location with the world.
Of course, when you have a shiny new gadget the last thing you're likely to be thinking about is turning off features.
But regardless Strava's innocent heat map clearly shows that the much-heralded Internet of Things (IoT) future with all its connected gadgets poses a pretty serious risk to privacy and security if mitigating measures aren't put in place.
And with more and more devices getting smart and connected, it's high time more IoT data security standards were figured-out before it gets FUBAR. µ
We should be shocked, but...
But the search giant has now squashed the bug
But it's not yet available here in Blighty