STRAVA
Privacy issues with Strava have been ongoing for years. It is a running/jogging app that lets you publicly post your jogging route. There are a few issues with this, and the one that gets the most attention is when people protecting a head of state give away their location, which, in turn, gives away the location of the VIP being protected. Often, this location is meant to be a secret.
Why does the issue persist well after publicity about the problem? I suspect old people are part of the problem. Heads of large organizations tend to be old and old people may not adjust their thinking to a changing world. Or may not be able to understand or adapt to a changing world.
OCTOBER 2024 ARTICLES
October 29, 2024: Merde! Macron's bodyguards reveal his location by sharing Strava data
It's not just the French president, Biden and Putin also reportedly trackable. By Iain Thomson for The Register. Quoting:
"This isn't the first time Strava users have been caught leaking information in this way. In 2018, the US military ordered a review of soldiers' use of the app after an analysis of the data it generated revealed the location of secretive American and Australian military bases ... Strava users can choose to keep their location secret, but the app maps information by default and it appears that GSPR members may be more interested in showing off their fitness prowess than securing their data, even after years of examples of why this is a really bad idea ... Other workout software is just as bad. Fitness app Polar has been caught exposing similar information, which prompted a massive review of operations and a tightening up of security defaults for the code, but only after journalists started exposing the flaws in openly publishing years of its users' movements."
October 29, 2024: Via Strava: Bodyguards make the whereabouts of heads of state public by Martin Holland for Heise. Quoting:
"Bodyguards and employees of secret services responsible for protecting heads of state like to share their fitness activities via Strava and thus reveal their whereabouts. The French newspaper Le Monde has discovered this and points out that the underlying problem was identified six years ago but has still not been fully resolved. The potential security risk has been confirmed for US President Joe Biden, his Vice President Kamala Harris, former President Donald Trump, French President Emmanuel Macron and his Russian counterpart Vladimir Putin. Jill Biden and Melania Trump were also affected."
October 27, 2024: Strava, the exercise app filled with security holes by Martin Untersinger for Le Monde. This is not the whole article. Quoting: "An investigation by Le Monde reveals that men charged with protecting Emmanuel Macron, several US presidents and Vladimir Putin can be identified through their use of the sports-tracking app, endangering their mission and the lives of those they protect ... military personnel ... didn't think to protect their activity and instead posted it publicly. By aggregating anonymous data, Strava reveals the presence of military bases worldwide or, more frequently, their layout and the paths taken by military personnel in or around them ... Strava, [it] shifts the responsibility to its users, specifying that only public activities were aggregated, but pledges to simplify privacy settings ... investigations by French satirical weekly Le Canard enchaîné and daily newspaper Le Télégramme revealed an even bigger loophole: It is possible to identify by name members of the intelligence services or French soldiers ... "
2023
June 11, 2023: Strava heatmap feature can be abused to find home addresses by Bill Toulas for Bleeping Computer. Quoting:
"In 2018, Strava implemented a feature called 'heatmap' that anonymously aggregates users' (runners, cyclists, hikers) activity to help users find trails or exercise hotspots, meet like-minded individuals, and perform their sessions in more crowded and safer locations. However ... this feature opens up the possibility for tracking and de-anonymizing users using publicly available heatmap data combined with specific user metadata ... The heatmap feature is active by default on all Strava apps, but users can opt out through settings ... As many Strava users register with their real names and even upload profile pictures of themselves, correlating identities with home locations is possible."
DEFENSIVE STEPS
FROM STRAVA
There is a lot here to digest. No doubt, that is part of the problem.
2018
August 7, 2018: Pentagon tells troops: Turn off fitness tracker GPS when you head to warzones by Sean Gallagher for Ars Technica. Quoting:
"Eight months after a researcher discovered that the 'heatmap' feature of the Strava fitness tracking community was revealing the location of US military facilities in Syria and other conflict zones as well as some troop movements, the Department of Defense has instructed troops headed to potentially hostile territory to turn off the Global Positioning System features of their fitness tracking gadgets and mobile applications."
Eight months for a response? And the six years that have passed since this article was written have shown that the response was useless drivel.
Created: November 10, 2024 | This Page Last Updated November 10, 2024
Website by Michael Horowitz @defensivecomput