Fitness trackers that use GPS collect a lot of data about your movements. Just like your smartphones and Google Maps, they know where you've been, when, and how long you stayed.
Generally, this is fine. People have come to accept that corporations have a large amount of data about them, and try not to worry about it too much. It's not like you're trying to hide military secrets, after all.
Wait, some people are actually supposed to hide military secrets. The military, for example. Over the weekend their data has been leaked by an unlikely source – a jogging app called Strava.
It's even revealed information from within the NSA and Area 51.
Strava has released a heat map of the world, with a whopping 13 trillion GPS locations showing where their users (the ones that allow data-sharing) have been.
Unfortunately, it seems a lot of US military personnel have not turned off data sharing, leading people to locate military bases with no real effort whatsoever.
The data can be accessed by literally anybody with Internet. While the locations of military bases can be seen through Google Maps, these are often blurred out in order to protect classified information. Here, however, you can quite clearly see human activity routes, even in places that supposedly aren't inhabited.
An ex-infantry officer is concerned that the data from this app appears to even show supply lines.
"Big OPSEC and PERSEC fail," Nick Waters, who identified several military bases using the map. "Patrol routes, isolated patrol bases, lots of stuff that could be turned into actionable intelligence."
Others say they were able to identify shipping routes to and from military bases, and worried that if you were so inclined you could exploit extremely simple vulnerabilities in Strava's system. Simply by changing the URL, they appear to have been able to track an individual's path as they go on their morning run.
Which is fine if they went off to the shops for some milk, but less ok if they were popping off to a military base to resupply with grenades. Even if they aren't doing anything secret, soldiers have been using the app on a regular basis, leaving a lot of data available to potential enemies.
It's not just the US military who failed to turn off their fitness trackers though. In the UK, staff appear to be using the app as they stroll around a nuclear weapons base.
It appears this was done against the strict instructions of their employers.
One final irony shows that the app has been used regularly inside the National Security Agency.
Concerned citizens on Twitter have highlighted the vulnerabilities of the system, but Strava has not yet taken it down. It's likely they'll be quick to take down the information when the world's military leaders get in touch for a quiet chat.
In the meantime, if you're working in a potentially sensitive area that requires secrecy and discretion (hello, Area 51), we advise you to turn off your data immediately.
1
