Channels

The Strava heat map

Fitness app inadvertently divulges IDF bases, patrol routes

Popular fitness app Strava publishes 'heat map' showing routes its users take while walking or jogging; map unintentionally reveals locations of known or classified IDF and American bases around the world; 'Soldiers' patrol routes also divulged,' says programmer.

Popular fitness app Strava inadvertently revealed IDF troop movements with public "heat maps" showing the paths taken by its users around the world as they were walking, riding bicycles or jogging.

 

 

The IDF was not the only military force affected, however, as the Global Heat Map uses satellite information to map the locations and movements of subscribers to the company's fitness service over a two-year period, by illuminating areas of activity, The Washington Post reported Sunday.

 

A Strava heat map showing the Hatzor Airbase
A Strava heat map showing the Hatzor Airbase
 

Strava says it has 27 million users around the world, including people who own widely available fitness devices, as well as people who directly subscribe to its mobile app. The map is not live, but shows a pattern of accumulated activity between 2015 and September 2017.

 

The map shows a great deal of activity in the US and Europe. But in war zones and deserts in countries such as Iraq and Syria, the heat map becomes almost entirely dark—except for scattered evidence of activity.

 

IDF troop movements near the Gaza border
IDF troop movements near the Gaza border

 

A closer look at those areas brings into focus the locations and outlines of well-known US military bases, as well as other lesser-known and potentially sensitive sites—possibly because American soldiers and other personnel are using fitness trackers as they move around.

 

The Global Heat Map was posted online in November 2017, but the information it contains was only publicized recently.

 

A classified military installation near Dimona
A classified military installation near Dimona

 

Israeli programmer Ran Bar-Zik followed up on Israeli heat maps, and found that both locations of IDF bases and patrol routes of soldiers were unintentionally disclosed.

 

Among the sensitive information divulged by Strava, Bar-Zik said, were a base in the Dimona region, patrol routes near air force bases—including the Hatzor base—and IDF patrols near the northern border.

 

"When a soldier with a Fitbit (a wearable activity tracker—ed) patrols around his base or near the border fence," Bar-Zik explained, "his data goes into that heat map. And if a few more soldiers do it, you can see not only security installations but also the outline of their very route—which paths are more traveled and which are less traveled."

 

"In the IDF's case," the programmer conjectured, "in most cases the fitness watch was triggered when soldiers in regular or reserve duty patrolled roads or around their base."

 

Lesser-known military installations also revealed

Paths traveled by the tracker's users are highlighted in the heat map, and in countries where the fitness app is popular many areas are completely lit up due to frequent sporting activity.

 

The map for Iraq, however, is mostly darkened, which points to limited Strava use, but a number of bases belonging to the US and its allies are nevertheless highlighted on the heat map. Among the bases "exposed" by the map are the Camp Taji north of Baghdad, Qayyarah Airfield West south of Mosul, Camp Speicher near Tikrit and Al Asad Airbase in the Anbar Province.

 

Other smaller sites in northern and western Iraq were also highlighted by the fitness app, which led to the exposure of lesser-known military installations.

 

The app's users also helped highlight the American Bagram Airfield north of Kabul, the capital of Afghanistan, as well as other sites in southern Afghanistan. Northern Syria's Qamishli, meanwhile, which is a stronghold of US-supported Kurds, also saw copious use of the app. 

 

Bagram Airfield in Afghanistan
Bagram Airfield in Afghanistan

   

One of the dangers the app poses is that it also highlights road routes, which points to the fact that Strava users leave the app turned on even as they're traveling by car, thereby providing details on the routes they habitually take.

 

Security analyst Tobias Schneider, one of the people who first discovered Strava's heat map showed military bases, said the app's maps also showed other military sites in Syria as well as the Madama base, used by French forces in Niger.

 

A British base in the Falkland Islands
A British base in the Falkland Islands

 

"In Syria, bases operated by the (US-led) coalition are lit up at night. Light signatures can also be seen over known Russian positions, whereas there are no highlighting around Iranian bases," he wrote on Twitter.

 

"A lot of people are going to have to sit through lectures come Monday morning," he joked, referring to the soldiers who inadvertently gave away sensitive information while keeping fit.

 

Makers of the Strava app responded by saying the military sites' exposure might have easily been avoided by users updating their privacy settings.

 

The IDF Spokesperson's Unit said, "The IDF recently released new policy regarding smart watch use, according to which soldiers were instructed to not divulge locations or classified information on apps like these, or on social networks in general, and were also told how to use them securely in a manner that poses no risks to IDF activity or their personal safety.

 

"The army will examine the app and give specific instruction to soldiers if necessary. It should be noted this is a civilian app that has many users, not just IDF soldiers. The information on the app pertaining to IDF bases is unofficial and unsupervised."

 

The Associated Press contributed to this report.

 


פרסום ראשון: 01.29.18, 15:15
 new comment
Warning:
This will delete your current comment