BOMBSHELL: Fitness app could be leaking U.S. national security secrets and more

Nichole Vega
January 30, 2018

A report by the Washington Post has revealed that a fitness-tracking app - Strava - is showing up the location of military bases, including secret Central Intelligence Agency camps, in all sorts of places around the world.

Now, before you start to become curious about a possible security breach, there is none associated with the fitness tracking app Strava which promotes itself as the social network of athletes.

While the locations of military bases are generally known, there are concerns about the level of activity it reveals about personnel inside and around the bases.

A SAS base in Hereford, along with a nuclear deterrent naval base and the government's spy agency GCHQ has been placed on a heatmap of Strava's customers, including the profiles of several people who regularly run to-and-from the highly sensitive buildings. It is billed as being the "largest, riches, and most lovely dataset of its kind", but it's also proving a little too revealing for some military personnel.

He started tweeting about his discovery, and the internet also lit up, as data analysts, military experts and former soldiers began scouring the map.

Strava said that its heatmap was based only on information that its users publicly shared.

If anyone were to hack Strava, he said, they might be able to connect a particular user with a particular route. 13 trillion Global Positioning System points from their users (turning off data sharing is an option).

In most cases, the public data can be useful.

While the map doesn't identify users, it details extensive information on the whereabouts and routines of soldiers and other military personnel.

People also found a UK RAF base in the Falklands and French forces in Niger.

Similarly in Syria, areas that appear to be bases in the north, where U.S. troops are aiding local partners in the fight against the Islamic State group, are lit up brightly against an otherwise dark background. It's one thing to try to discern any viable information from a heat map of the USA or Europe, and quite a different thing to discover potential bases in war zones.

That means popular exercise routes are revealed, but with many connected devices concentrated in less populated areas, it also inadvertently gives away the geolocations of military bases.

"It is a bit surprising that it sort of sat there [for months]", Ruser said.

Breaking down the data, they went on to say Strava's map consisted of "1 billion activities, 3 trillion latitude/longitude points, 13 trillion pixels rasterized, 10 terabytes of raw input data, a total distance of 27 billion km (17 billion miles), a total recorded activity duration of 200 thousand years [and] 5% of all land on Earth covered by tiles".

Strava said in a statement to CNN that the company is "committed to helping people better understand" its privacy settings. "I expected it to languish in wonk circles and open source circles until the US government quietly fixed the problem, but instead it seems to have blown up a lot more than I would have thought".

Other reports by AllAboutTopnews

Discuss This Article

FOLLOW OUR NEWSPAPER