A fitness tracking company named Strava has inadvertently released sensitive locational data about military bases around the world in the form of a detailed heatmap.
The map shows all activity ever recorded by the app’s users, which allows exercise routes to be uploaded and shared. Released in November last year, it contains more than 3 trillion GPS data points collected from devices running the app such as Fitbits and smartphones.
While the map sure as heck looks pretty and can show popular exercise locations, it also makes remote military outposts stand out like dogs balls. Given the map is accessible to anyone, that’s not really the kind of information you want your enemies to see.
Military analyst, Nathan Ruser, picked up on the bung data, making a series of tweets pointing out that “US Bases are clearly identifiable and mappable”.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
Not just US bases. Here is a Turkish patrol N of Manbij pic.twitter.com/1aiJVHSMZp
— Nathan Ruser (@Nrg8000) January 27, 2018
You can see the Russian operating area in Khmeimim, but also the guard patrol to the NE. pic.twitter.com/iWiX5Kozc1
— Nathan Ruser (@Nrg8000) January 27, 2018
Here are some FOBs in Afghanistan. pic.twitter.com/JoB7hKHwyh
— Nathan Ruser (@Nrg8000) January 27, 2018
FOBs are forward operating bases.
If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any Pattern of life info from this far away pic.twitter.com/Rf5mpAKme2
— Nathan Ruser (@Nrg8000) January 27, 2018
Analyst, Tobias Schneider, added his own thoughts to the data map.
So much cool stuff to be done. Outposts around Mosul (or locals who enjoy running in close circles around their houses): pic.twitter.com/wHItJwYUUI
— Tobias Schneider (@tobiaschneider) January 27, 2018
In Syria, known Coalition (i.e. US) bases light up the night. Some light markers over known Russian positions, no notable colouring for Iranian bases.
— Tobias Schneider (@tobiaschneider) January 27, 2018
It should be pointed out that many of these sensitive locations are not visible on other GPS apps like Google Maps, but are clearly shown when zooming in on the Strava heat map. Even outside of conflict zones, locations like Homey Airport, Nevada (more commonly known as Area 51) has been illuminated by a solo cyclist riding along the west edge of Groom Lake.
The company also released a heatmap back in 2015, but says the latest update “includes six times more data than before – in total 1 billion activities from all Strava data through September 2017. Our global heatmap is the largest, richest, and most beautiful dataset of its kind. It is a direct visualisation of Strava’s global network of athletes.”
It’s certainly not an ideal situation for defense around the world, particularly given the detailed mappings of the outposts in question. I’d wager the Strava app will be banned from these places pretty damn quickly.
