A heatmap released by Strava, a popular fitness tracking app has raised major security concerns after it disclosed locations of U.S military bases all around the world.
Strava is a fitness tracking app that allows its users to record their walking, running, cycling or swimming patterns and share it with others.
Back in November 2017, Strava published a heatmap showing the exercise routes taken by its every single user.
Everything was okay with the map lighting up different places across the world until this weekend when an Australian university student, Nathan Ruser, stumbled upon the map and gave it a close read.
“I wondered, does it show U.S. soldiers,” Nathan told The Washington Post.
While major cities of the world are shown by bright colors due to a large number of activities there, the U.S military bases stand out as being located at uninhabited areas in Syria, Afghanistan, Somalia.
21-year old, Nathan posted some of the pictures on Twitter and wrote that the heatmap “looks very pretty” but is “not amazing for Op-Sec”. “US Bases are clearly identifiable and mappable.”
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) 27 January 2018
The app works on smartphones and wearable devices like Fitbit (which were distributed among U.S soldiers by their army to test a fitness program). Strava tracks users’ exercises via GPS.
The locations of U.S military bases are generally known but the thing that concerns security experts the most is the revelation of activities of personnel around and within the bases. Identities of these officers can easily be revealed by studying their exercise routes.
Some of the Twitter users even identified oil wells and drilling equipment present near the U.S military bases.
Since Nathan’s Tweets, Strava has released a statement saying that the app offers a privacy mode that wouldn’t share data outside of the app. Some of the army personnel may not be aware of the privacy feature and would not have realized that they were sharing their locations on the internet.
“Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones. We are committed to helping people better understand our settings to give them control over what they share,” Strava stated.
The U.S military is currently looking into the matter.