Your fitness tracker might be giving the enemy valuable intel
A company called Strava, a social network for people who want to track their workouts, updated an online map showing the routes of 1 billion workouts in 2017.
But in doing so, it seems to have exposed secret US military bases in Turkey, Syria, and Yemen.
Strava drew on data from devices like Fitbits or smartphones that people use to track workouts such as runs or bike rides. But fitness-tracker users skew Western, young, and active. In countries like Niger, the heat map appears to highlight the activity of US troops on military bases keeping fit.
Related: Hackers crack Pentagon's cyber walls more than 130 times
The result is potentially damning for the US military's operational security.
Previously covert bases may have been exposed, and highly trafficked locations within known bases have been highlighted.
Additionally, some users may have left the trackers on while going about normal business. Important supply routes and key daily routines have most likely been picked up by the heat map.
"In Syria, known coalition (ie US) bases light up the night," the military writer and analyst Tobias Schneider wrote.
"Some light markers over known Russian positions, no notable colouring for Iranian bases … A lot of people are going to have to sit through lectures."
But the most dangerous element of the heat map isn't the aggregated lines — it's the potential to determine which person drew which line. Anyone who gains access to Strava's data, legally or otherwise, can then track a specific person's movement, Jeffrey Lewis points out at the Daily Beast.
A user who works out frequently at a known military base, say a missile base, and then uses the app at another location may draw attention to a previously unknown site of interest.
This data could inform both state and nonstate actors as to where to attack in the case of war.
Also read: This former top-secret missile base is being slowly exposed
The US is not alone in being exposed — apparent Chinese joggers in the South China Sea contributed data to the Strava map, as did workers on Taiwan's secret missile bases. But the US's larger presence around the globe means it has more to lose.
After the map came out, internet users in short order identified some of the most sensitive US military sites around the world.
Here Lewis seems to think US troops are running around the US's nuclear weapons in Turkey.
I don't know who in the @39thAirBaseWing is running laps among the nuclear weapons at Incirlik AB with @Strava on his/her smartphone or IOT wearable ... but please stop. (Also, lets take the weapons out.) pic.twitter.com/T7XZytNPJx
— Jeffrey Lewis (@ArmsControlWonk) January 28, 2018
Here a Twitter user cross-referencing other open-source analysis seems to think he's spotted a CIA "black site," or somewhere that unacknowledged covert work is taking place, in Djibouti.
Cross-referencing @mjranum's recent post about using Google Maps to identify CIA "Black" sites in Djibouti, with the #Strava heat-map, appears to offer corroboration https://t.co/PfXDqRIvSS pic.twitter.com/GlxWOoKWcj
— Alec Muffett (@AlecMuffett) January 28, 2018
Whatever is going on here in the desert of Yemen is likely to come under increased scrutiny.
Rather interested to see what these two circles of activity are on the Strava map, seemingly in the middle of nowhere, Yemen https://t.co/xayZs30PkN pic.twitter.com/xLpWly9D0A
— Eliot Higgins (@EliotHiggins) January 27, 2018
But interestingly enough, the Pentagon, which is the headquarters of the Department of Defense, the biggest office building in the world, and the best-known US military command center in the world, is dark.