Strava is a GPS tracking and fitness-tracker app manufacturer that is currently making headlines for introducing the Global Heat Map, which relies upon satellite information for identifying locations and movements of its subscribers for two years period.
With 27 million users on board from across the globe (including those using Vitofit, Fitbit and Jawbone) Strava is a high-profile firm but its heat map is receiving backlash from cyber-security fraternity because it leaks the locations of military bases as well as the daily routines of military personnel. It is worth noting that Strava posted Global Heat Map online in November last year.
More: Hackers can hack your kid’s smartwatch and track their location
According to a tweet from a member of the Institute for United Conflict Analysts, Nathan Ruser, the map makes it possible to identify the locations of known military installations by showing an accumulated activity pattern that gets extended to sensitive military spots as well as war zones and deserts.
In fact, it easily lets the user pinpoint installations in combat zones using the data of app users. Ruser, a 20-year-old Australian student, also posted screenshots of normal jogging tracks along with patrols and forward operating bases in Afghanistan locations.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
Similarly, Adam Rawnsley, a journalist at the Daily Beast, also noted jogging activity nearby a beach that was close to the CIA base in Somali city Mogadishu. Another journalist Ben Taub from the New Yorker was able to locate the US Special Operations bases in Sahel Region in Africa.
Most of the activities identified by the map are from the US and Europe but when it comes to deserts and war-stricken areas like Iraq and Syria, the map goes dark completely and only indicates activity in a scattered manner.
Comment from the US military on our story about Strava fitness trackers in full (thread): "The rapid development of new and innovative information technologies enhances the quality of our lives but also poses potential challenges to operational security and force protection"
— Liz Sly (@LizSly) January 29, 2018
On Sunday, 28th January, the spokesperson for US Central Command, Air Force Col John Thomas, stated that implications of Global Heatmap are being monitored by the US military. We must not forget that Fitbit is widely used by military personnel for combating obesity. Around 2,500 Fitbits were distributed among military personnel by the Pentagon in 2013 under its pilot program.
However, the latest discovery reveals that anyone can attack or ambush troops based upon the information received through the map. It is true that Strava’s Global Heat Map doesn’t actually leak the exact location of military bases but it does provide excessive information, which isn’t revealed by Google Maps as the latter shows only roads and buildings.
As per Major Audricia Harris, a US military spokesperson, the Department of Defence (DoD) takes such issues ‘very seriously.’ The department is reviewing the situation to assess where additional policy development, guidance or training is needed to “ensure the continued safety of DoD personnel at home and abroad.”
More: Google collects Android location data even if location service is off