Strava’s Global Heat Map Exposes User Locations Including Military Bases

Strava is a GPS tracking and fitness-tracker app manufacturer that is currently making headlines for introducing the Global Heat Map, which relies upon satellite information for identifying locations and movements of its subscribers for two years’ period.

With 27 million users on board from across the globe (including those using Vitofit, Fitbit and Jawbone) Strava is a high-profile firm but its heat map is receiving backlash from cyber-security fraternity because it leaks the locations of military bases as well as the daily routines of military personnel. It is worth noting that Strava posted Global Heat Map online in November last year.

More: Hackers can hack your kid’s smartwatch and track their location

According to a tweet from a member of the Institute for United Conflict Analysts, Nathan Ruser, the map makes it possible to identify the locations of known military installations by showing an accumulated activity pattern that gets extended to sensitive military spots as well as war zones and deserts.

In fact, it easily lets the user pinpoint installations in combat zones using the data of app users. Ruser, a 20-year-old Australian student, also posted screenshots of normal jogging tracks along with patrols and forward operating bases in Afghanistan locations.

Similarly, Adam Rawnsley, a journalist at the Daily Beast, also noted jogging activity nearby a beach that was close to CIA base in Somali city Mogadishu. Another journalist Ben Taub from the New Yorker was able to locate the US Special Operations bases in Sahel Region in Africa.

Most of the activities identified by the map are from the US and Europe but when it comes to deserts and war-stricken areas like Iraq and Syria, the map goes dark completely and only indicates activity in a scattered manner.

On Sunday, 28th January, the spokesperson for US Central Command, Air Force Col John Thomas, stated that implications of Global Heatmap are being monitored by the US military. We must not forget that Fitbit is widely used by military personnel for combating obesity. Around 2,500 Fitbits were distributed among military personnel by the Pentagon in 2013 under its pilot programme.

However, the latest discovery reveals that anyone can attack or ambush troops based upon the information received through the map. It is true that Strava’s Global Heat Map doesn’t actually leak the exact location of military bases but it does provide excessive information, which isn’t revealed by Google Maps as the latter shows only roads and buildings.

As per Major Audricia Harris, a US military spokesperson, the Department of Defence (DoD) takes such issues ‘very seriously.’ The department is reviewing the situation to assess where additional policy development, guidance or training is needed to “ensure the continued safety of DoD personnel at home and abroad.”

More: Google collects Android location data even if location service is off

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.