Fitness tracking app Strava may have revealed critical locations of U.S. military bases all over the world. The application’s data visualization map is so detailed it’s possible to map out spy outposts and military base staffing and locations based on the active military personnel using their service.
On November 2017, Strava released a map that shows all the activities of its users. The total data points at that time were more than 3 trillion latitude and longitude points generated from one billion activities. Strava is available on fitness trackers like Fitbit and smartphones. Through Strava, users can take a peel on the exercise patterns on users in remote areas and find favorite running routes in major cities.
While Strava users benefit from this convenient map, military analysts noticed something alarming over the weekend. Strava users who happen to be part of the military on active service may give away sensitive information based on their exercise activity. Nathan Ruser of the Institute United Conflict Analysts noted that Strava’s global heat map could hurt operational security.
“US Bases are clearly identifiable and mappable. If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous.”
Strava users in Syria, Djibouti, and Afghanistan appears to be mainly members of the foreign military. Hence, the location of the bases in those territories stands out. In Afghanistan’s Helmand province shows a white glow against Strava’s black map.
So much cool stuff to be done. Outposts around Mosul (or locals who enjoy running in close circles around their houses): pic.twitter.com/wHItJwYUUI
— Tobias Schneider (@tobiaschneider) January 27, 2018
By zooming in the map, it’s possible to see the internal layout of the military base thanks to the jogging routes of numerous soldiers in the area. These locations are visible from the satellite view provided by Apple’s Maps or Google Maps. However, Strava offers a clear view of the map in these direct conflict zones.
In a tweet, Independent International Security Analyst Tobias Sneider noted that the military should be made aware of this lapse.
“In Syria, known Coalition (i.e. US) bases light up the night. Some light markers over known Russian positions, no notable colouring for Iranian bases.”
Strava also makes it possible to get a list of people who traveled on a particular route and generate a list of users. Theoretically, it’s possible to follow someone home.
Early 2018, soldier A took his bike around his military compound somewhere in Afghanistan. #Strava dataset's risks for OpSec have reached a new level. It's possible to track down who is behind a segment. pic.twitter.com/bVMGzdkpLx
— Aliaume Leroy (@Yaolri) January 29, 2018
As reported by the Washington Post, U.S. Central Command spokesman Air Force Col. John Thomas stated on Sunday, Jan. 28, that the U.S. military will look into the map’s implications.
The issue of compromising the operational security is not exclusive to the United States. The detailed heatmap also revealed the location and activity of foreign military bases with Strava app users.
As for Strava, the company urged the public to review the privacy settings of the app.
Strava emphasized that the activities on their Global Heat Map excluded activities in user-defined privacy zones and those that were defined private.