Unintentionally, This Fitness Tracking App Revealed Secret Bases Of U.S Army

Anil - Apr 17, 2020

Strava’s heat map had provided adequate data to clearly specify and locate a number of secret locations belonging to the U.S army.

The popular fitness tracking app Strava recently was supposed to give away data about secret bases of the U.S army, patrols and forward operating bases (FOBs) as well.

The information originated from Twitter posts of Nathan Ruser, a founding member of the Institute for United Conflict Analysts. He emphasized that Strava’s heat map had provided adequate data to clearly specify and locate a number of secret locations belonging to the U.S army. In addition, he gave proof of his statement in his later tweets by identifying a Russian operating area in Khmeimim as well as their patrol, a Turkish patrol, Afghanistan FOBs, and soldier running routes.

As a result, the disclosure indicates that several dangers have a close connection with the development of the Internet of Things and unrestrained shadow IT. Added by the Twitter account Jake Williams, Strava users are made to autonomously allow their data to be shared on the heatmap; meanwhile, those who do not want to do so have to refuse the access rights manually.

In the enterprise, lax privacy policies can cause data revelation, which puts IP at high risk in some cases. According to Williams, the situation can have worse results than estimated. On his Twitter, he warned app developers that their defaults could bring deaths to their users.

In particular, the version of Strava’s heat map that appeared in Ruster’s analysis was launched in November 2017. As written in Strava blog post, it collects the data from 1 billion activities and 3 trillion latitude or longitude points (10TB of data totally). Although it is guaranteed that the data is kept anonymous, it does not ensure that hackers and cybercrimes can’t gain access to the data.

This data leakage should be considered as a dire warning to security and IT experts that even an app appearing to be harmless, a fitness tracker, for instance, can pose a threat to many organizations. From now on, enterprises will surely need to gain an IoT policy that is responsible for all devices used in the company’s network, not just includes the ones containing vulnerable data.