How a Fitness Tracking App Exposed U.S. Military Secrets

January 29, 2018, 10:56 AM UTC
US Navy crew jog on the flight deck of the USS Nimitz CVN 68, a nuclear-powered aircraft carrier, after arriving at a naval base in the South Korean port city of Busan, some 450 kms southeast of Seoul on February 28, 2008. The US Navy aircraft carrier USS Nimitz and its 5,300 crew members will play a key role in the annual joint exercise of South Korean and US forces here. The exercise, called Key Resolve, mainly aims to test the combined forces' ability to host over 600,000 US troops to be deployed here in case of an armed conflict while effectively defending the country from enemy hostilities. AFP PHOTO/KIM JAE-HWAN (Photo credit should read KIM JAE-HWAN/AFP/Getty Images)
Kim Jae-Hwan—AFP/Getty Images

When Strava, an exercise-tracking firm, last year published a “heat map” of its user activity around the world, it probably didn’t expect the data representation to cause a national security scandal—but it has.

Over the weekend, an Australian conflict analyst named Nathan Ruser realized that the map clearly showed activities around U.S. military bases in war-torn regions, due to its tracking of soldiers’ Fitbits and other such devices.

While places in North America and Europe, for example, show tons of exercise-tracking activity that is difficult to analyze with the naked eye, that doesn’t hold true for places where few people might be expected to be wearing costly fitness trackers—just soldiers and aid workers.

Ruser’s tweets prompted journalists to check out the activities around military bases that they already knew about, in places like Iraq and Somalia, and even to identify bases that weren’t common knowledge.

The information could be used to plan attacks on soldiers, as it shows where they are likely to be, and essentially maps out their supply routes.

According to The Washington Post, U.S. Central Command is now “looking into the issue.”

Users of Strava’s app can turn off location tracking, but that’s really down to them. When the Pentagon distributed thousands of Fitbits among its personnel—in order to combat obesity—it’s not clear what regulations came along with the perk.

“Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones. We are committed to helping people better understand our settings to give them control over what they share,” Strava said in an emailed statement.

This appears to be a case of people simply not thinking through the implications of the personal data they are broadcasting when they wear a fitness tracker and allow it to constantly connect to a cloud-based service. However, multiple studies have shown that many of these devices also suffer from poor security that can leave users’ health data exposed.
