Sometimes you don’t need a “hack” to have a cybersecurity issue. The locations of several US military bases in the Middle East seem to have been inadvertently revealed through US soldiers’ use of fitness tracking devices, and the fitness tracking app Strava.
Strava uses satellite information to map the location and movements of users to create the Global Heat Map – and it was “a few scattered pinpricks of activity” in the otherwise dark areas of war zones in Iraq and Syria that gave away the sites.
Fairfax Media reports that the map, which is not live, but a collection of data between September 2015 and September 2017, was stumbled upon by Australian student Nathan Russer in November last year. When he tweeted about his discovery, others online responded, pointing out evidence of activity in areas of interest – such as near a suspected CIA base in Mogadishu, and US special operations base in the Sahel. It’s believed the data was collected by Strava by US soldiers wearing FitBits or similar devices.
While the location of many sites illuminated by the map is public knowledge, the data provides a wealth of useful information to those looking to attack US troops. Security experts told Fairfax Media that the availability of the data is a clear security threat.
Strava apps contain an option for users to turn off the data transmission service, making it the user’s responsibility to ensure their security isn’t breached.
The US Central Command says the US military is looking into the implications of the map.