‘Strava’ fitness app sparks concern as it shows the location of classified US bases

strava-heatmap.png

An online interactive map showing the locations and activities of people who use GPS fitness tracking devices has raised security concerns for military personnel.

The Global Heat Map, published by the fitness tracking app Strava, uses satellite information to chart the movements of subscribers as they run or cycle, illuminating busy areas.

Anyone can create an account for free and find ‘routes’, or ‘segments’ around military bases which shows publicly recorded times for users in that area which can then be linked to other social media profiles to identify the names of military personnel.

Strava have been in the news for ‘geotagging’ security issues before. After a rise in theft for high-end road bicycles in London started in 2016, it emerged thieves would be able to see the start/finish point of a publicly shared bike ride – which was normally someones home, therefore highlighting the bikes location and where it would be kept overnight.

GCHQ
A heatmap of GPS data recorded by Strava, which shows runners using it at Government Communications Headquarters (GCHQ) in Cheltenham.

Similarly members of the MoD and civil servants who don’t live on military bases are at risk as this data shows their routes to and from work. Certain buildings within military establishments have a total ban of Personnel Electronic Devices (PEDs), including phones and GPS watches but unless you actively edit your privacy settings, data will be publicly shared regardless if you specifically post it or not.

It leaves a digital footprint where patterns can be tracked, for example – if a user has been running a particular route for a consistent period of time and is identified by name/job/unit (through links to other social media accounts) and then stops that run, it could be assumed as one method of verification that they have been deployed on operations.  A  particular concern for sailors based at HMNB Clyde in Scotland and who crew the Vanguard class submarines whose deployment dates are not public knowledge.

HMNB Clyde.jpg
Other sensitive locations in the UK where joggers have been using Strava include HMNB, Clyde in Scotland.

A Ministry of Defence spokesman said: “The MOD takes the security of its personnel and establishments very seriously and keeps them under constant review.”

“However, for obvious reasons we do not comment on our specific security arrangements or procedures.”

More alarmingly it appears to also highlight a US Special Operations base in the Sahel region of Africa, as well as the movements of soldiers stationed at foreign military bases in countries like Afghanistan and Syria.

An Australian student, Nathan Ruser, first highlighted the issue when he came across the map while browsing a cartography blog last week.

The map shows a great deal of activity in the US and Europe, but in war zones and deserts in countries such as Iraq and Syria, it becomes almost entirely dark – except for scattered evidence of activity.

A closer look at those areas brings into focus the locations and outlines of well-known US military bases, as well as other lesser-known and potentially sensitive sites – possibly because American soldiers and other personnel are using fitness trackers as they move around.

CIA.jpeg
Camp Lemonnier (top right), and a suspected CIA base (bottom left) in Djibouti.

 

US Military officials are looking into the situation to determine how to respond. Spokeswoman Major Audricia Harris said:

“The Department of Defense (DoD) takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad.”

The Global Heat Map was posted online in November 2017, but the information it contains was only publicised recently.

Strava says it has 27 million users around the world and added: “We take the safety of our community seriously and are committed to working with military and government officials to address sensitive areas that might appear.”

Official advice from Strava to all military personnel is to double check privacy settings on the app but if in any doubt it compromises operational security to delete it all together.

Advertisements