Smart wearables, fitness trackers, smartwatches, fitness apps. The growing popularity of these activity tracking apps and devices is a testament to our willingness to digitize and share even the minute details of our daily workout activities.
Every single heartbeat tracked, each step logged, even rising up from a sedentary chair is a statistic worth recording. Sometimes, we’re so fond of documenting our physical activities that we don’t really think about what these fitness tracker companies do with this data.
Personal privacy risks aside, did you know that some of this fitness tracker information can pose a threat to national security as well?
Fitness tracking app may be revealing more than it should
Strava, the popular fitness tracking app for smartphones, may just have revealed the secret locations of U.S. military bases and spy outposts around the world.
The location details were discovered in Strava’s data visualization “global heat map” released in November 2017. The map shows more than 3 trillion individual GPS points representing just about every activity uploaded to Strava’s servers.
The scope of the data is admittedly breathtaking, but analysts who have studied the heat map have noticed one peculiar thing – it might be giving away sensitive information and location details about military personnel on active service.
Why so? Well, because in war-torn areas like Iran and Syria, the Strava heat map is generally dark except for scattered areas of concentrated activity.
It’s not hard to put two and two together – due to the increased activity of fitness trackers in these isolated areas, these are presumably the bases where western personnel reside. (This also assumes that members of the Taliban and Al Qaeda haven’t taken a liking to fitness apps, Fitbits and Apple Watches quite yet.)
Nathan Ruser, a researcher for United Conflict Analysts, was the first one to notice the security implications of the Strava global heat map and shared his thoughts on Twitter.
He said that Strava’s heat map “looks very pretty, but not amazing for Op-Sec. U.S. Bases are clearly identifiable and mappable.”
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
Ruser noted that the map has dangerous implications, as well, since enemies can establish exercise patterns and routes of U.S. soldiers in various locations around the world. Think regular biking and jogging routes turned into surprise ambush points.
If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away pic.twitter.com/Rf5mpAKme2
— Nathan Ruser (@Nrg8000) January 27, 2018
Tobias Schneider, an international security analyst, also highlighted how Strava’s global heat map is a big security risk especially in locations like Afghanistan, Djibouti and Syria, where users of Strava appear to be mostly foreign military personnel. These areas stick out on the heat map like a sore thumb.
In Syria, known Coalition (i.e. US) bases light up the night. Some light markers over known Russian positions, no notable colouring for Iranian bases.
— Tobias Schneider (@tobiaschneider) January 27, 2018
Schneider warned that the data provide tons of sensitive information to would-be attackers, not just exercise data, but also patterns of living activity inside the bases including locations of barracks, dining areas and general work areas.
The security risks are not exclusive to military personnel, either. Since the data are anonymized, they also provide clues to the locations of social workers, aid agencies and the military bases of other countries such as the U.K. and even Russia.
Strava said in an official statement that it is “committed to working with military and government officials to address sensitive areas that might appear.” It is also urging its users to check the Strava app’s privacy settings.
To review your Strava app’s privacy on the web, go to “Settings” in your avatar’s dropdown options then select “Privacy” on the left menu bar.
On the Strava mobile app, you can view your privacy settings by tapping More >> Settings >> Privacy.
Listen to my free podcast
Don’t miss my Tech News This Week podcast where I talk about a fitness social network that unknowingly exposed the locations of secret U.S. military bases and more.
In other news, Google’s new tool lets you block annoying ads
Annoyed with persistent online reminder ads? Google has a plan to help you out. Click here to read more about this new tool.