Pentagon to Examine Fitness Trackers Post-Strava
Bebeto Matthews/AP File Photo
The massive privacy threat could affect you as well.
Fitness trackers like Fitbit, Jawbone and other smartphone fitness apps have become increasingly popular for people looking to keep up an active lifestyle. As it turns out, many of those people are in the U.S. military.
These wearable devices and the smartphone apps they're connected to collect a massive amount of data, including location information. Strava, a website and app that tracks athletic activity through GPS data, recently compiled its users' data in a global heatmap, inadvertently revealing the location of multiple overseas military bases.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
Anyone looking for sensitive information like this can dig further into Strava's publicly available data and discover the movements and identities of international aid workers, intelligence operatives and millions of other people around the world.
It just keeps getting deeper. You can also trivially scrape segments, to get a list of people who travelled a route, and trivially obtain a list of users. #Strava pic.twitter.com/U9DnPsyHUD
— Paul D (@Paulmd199) January 28, 2018
In response to the news, the Defense Department announced Monday that acting Chief Information Officer Essye Miller would review the department's policies regarding wearable tech, reported the Washington Post.
"Recent data releases emphasize the need for situational awareness when members of the military share personal information," said Army Col. Robert Manning III, a Pentagon spokesman. "We take these matters seriously, and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DOD personnel at home and abroad."
Manning also stated that he was not aware whether the release of information previously resulted in a compromise of security.
If you happen to have a device that is uploading data to Strava, there is an option to turn your activity to private mode. According to Mashable, that data is still uploaded to Strava's servers, however.