Strava fitness tracking app published during November 2017 a visualization map to show where users make your own exercise. The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
What is the problem?
Nevertheless, that map also exposed location information about military bases and spy posts around the world, military analysts report.
For instance, activities such as running, walking, biking are upload onto the Internet based on GPS points. Users in locations like Afghanistan and Syria seem to exclusively be military personnel, they say.
“If soldiers use the app like normal people do, by turning it on and tracking when they go to do exercise, it could be especially dangerous,” says Nathan Ruser, analyst with the Institute for United Conflict Analysts. On Strava’s map, the Helmand province of Afghanistan shows the layout of operating bases via exercise routes. The base is absent from satellite views on both Google Maps and Apple Maps.
Strava’s decision to publish sensitive location data is part of a growing discussion around how companies should handle the massive amount of information they collect on users.
Read more details here.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.
Read more here.