The US Central Command says it’s in the process of refining its privacy policies after it was reported that a fitness tracking app that maps people’s exercise habits could pose security risks for security forces around the world.
The details were released by Strava in a data visualization map that shows all the activity tracked by users of its app, which allows people to record their exercise routines and also share it with others via the application. The map that they created for a better visualization, show all of the activity that has ever been uploaded to the application. This data was collected from over 3 trillion GPS data points across the world. The activities logged covered nearly 17 billion miles.
Sensitive information about the location and secret staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company. The app can be used on various mobile devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.
Last weekend some military analysts noticed that the map is also detailed enough that it potentially gives away extremely sensitive information about a subset of Strava users: military personnel on active service. Which could potentially get in the hands of enemies of the United States.
One of the analysts to step forward and comment on the situation was Nathan Ruser. Mr. Ruser is an analyst with the Institute for United Conflict Analysts. He was the first to take note of what was happening.
Nathan Rusers comment:
“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous, looks like it logs a regular jogging route.”
Tobias Schneider also tweeted out his comment in the situation:
Lost weapons shot out a tweet with pictures of some sites:
In locations like Afghanistan, Djibouti or Syria, the users of Strava seem to be almost exclusively foreign military personnel, meaning that bases stand out brightly. Outside direct conflict zones, potentially sensitive information can still be gleaned.
For instance, a map of Homey Airport, Nevada (aka Area 51) records a single biker taking a ride from the base along the west edge of Groom Lake, marked on the heatmap by a small thin red line. Below is the image from Strava:
Another instance that raised alarm was the RAF Mount Pleasant in the Falkland Islands is lit up brightly on the heatmap, reflecting the exercise regimes of the thousand British personnel there. Below is a diagram from Strava:
Defense Secretary James Mattis has been made aware of the issue and the DoD is reviewing policy regarding smartphones and wearable devices, Pentagon spokesman Col. Rob Manning said last Monday.
“We take these matters seriously and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad,” Manning said.
The Army previously issued fitness trackers to officers, though it’s unclear how many of these devices were synced to Strava’s software.
In 2013, the Army issued Fitbit Flex wristbands to some 2,000 soldiers as part of its “Performance Triad” program, as reported by Military.com.
In 2015, the program expanded: “20,000 soldiers and reservists across American bases within the continental US were tagged to participate,” Army Times reported.
James Mattis “has been very clear about not highlighting our capabilities to aid the enemy or give the enemy any advantage, so that would be our approach going in on this one as well.” Rob Manning said.
We will be putting out a updated story in the future for any repercussions from this.
Featured photo via Strava
Photos from Strava