Whoops! Strava exercise heatmap compromised positions of military bases

Whoops! Strava exercise heatmap compromised positions of military bases


Another report in the Guardian points out that the Strava app also reveals locations of U.S. bases in Afghanistan as soldiers are the sole users of the app in these areas.

Now, before you start to become curious about a possible security breach, there is none associated with the fitness tracking app Strava which promotes itself as the social network of athletes. According to an article in The Daily Beast, the fitness-tracker app exposes security flaw at Taiwan's missile command centre.

Ruser said he has not been contacted by Strava or military officials. "Big opsec and persec fail", tweeted Nick Waters, a former British Army officer who pinpointed the location of his former base in Afghanistan using the map.

According to a report by The Guardian, military analysts noticed that the data visualization map was potentially revealing sensitive data about military personnel on service.

Strava simply published the data that users gave it permission to track and it's up to users to make sure that they aren't sharing sensitive information.

Users can ask themselves, do I really want to share my jogging route with the entire Internet?

The Strava app allows users to record their activity using Global Positioning System over a phone or wearable devices such as Fitbit, a device popular among USA forces.

The information leak is not due to a hacking attack, but rather through the Strava's own Global Heat Map, which displays the location of activities of its millions of users over a more than two-year period.

The data exposed by the heatmap is not limited to US military bases.

As for the researcher who exposed the security concern, Ruser tells the Sydney Morning Herald, "I'm surprised at how much mainstream attention the map has gotten".

That means popular exercise routes are revealed, but with many connected devices concentrated in less populated areas, it also inadvertently gives away the geolocations of military bases.

In response to inquiries about the Strava data, Pentagon spokeswoman Maj. Known military sites like Diego Garcia in the Pacific Ocean and the Falkland Islands' RAF Mount Pleasant also show activity. Even the ones that are are not visible in the satellite imagery of services like Google Maps and Apple Maps.

The heatmaps show a relatively clear structure of various foreign military bases located around the world.

In a statement to CNN, Strava said the company is "committed to helping people better understand" its privacy settings.

"Our global heat map represents an aggregated and anonymized view of over a billion activities uploaded to our platform".

  • Terrell Bush