An interactive online map showing the location of fitness device users has exposed a major security oversight on United States military bases around the world.
The Global Heat Map was published by Strava, a GPS tracking company that collects data for Fitbit, Garmin, and Jawbone fitness devices. Owners of these devices subscribed to Strava’s service and had the option to share their location data when they activated their device. Strava used satellite info to map the location and activities of their users. The map shows multicolored lines marking areas of activity. Low activity areas are marked in red while high-traffic areas are marked in bright yellow.
More than 1 billion individual activities were recorded and uploaded to Strava, excluding those which had been marked as private by the user. The heat map shows only historical data, none of the information is shared live. “Strava is special in that you can record activities anywhere in the world and connect with athletes along the way,” spokeswoman Annie Vranizan explains in a 2017 statement informing subscribers how to manage their privacy settings. “Even in my own San Francisco backyard, I’m mindful of how I share my activities. What gives me comfort is knowing that I can control what I share on Strava and that our team has built the tools necessary for you to do the same… You can customize the information you share and find the balance between being social and being private that feels just right to you.”
The Global Heat Map was released in November, 2017, but the security implications weren’t realized until last week. Nathan Ruser of the Institute for United Conflict Analysts shared his concern on Twitter,
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
“It looks very pretty, but not amazing for Op-Sec,” Ruser wrote. “US Bases are clearly identifiable and mappable.” The locations of these bases are already clearly marked on other satellite imaging services like Google Maps, but Stava’s heat map shows where how individuals are moving throughout the base, the frequency of their movements, and even where they sleep. Compare the image of Fort Benning between Strava’s Heat Map and Google Maps below,
A comparison of the two maps could be used to identify which roads and buildings are used most often by the most people.
The Global Heat Map shows incredible detail across the globe. It’s brightly lit across most of the civilized world. Countries like the United States and Europe are almost completely illuminated in bright yellow and orange. War-torn nations like Afghanistan, Iraq, and Syria are almost completely dark, except for military installations.
The Pentagon encourages military personnel to use fitness tracking devices like Fitbits to battle obesity problems. More than 2,500 Fitbits were distributed to military personnel in 2013 alone. Ruser considered this when he learned about the Global Heat Map. “I wondered, does it show U.S. soldiers?” he said before zooming in on Syria. “It sort of lit up like a Christmas tree.”
According to Fox News, “A closer look at those areas brings into focus the locations and outlines of well-known U.S. military bases, as well as other lesser-known and potentially sensitive sites — possibly because American soldiers and other personnel are using fitness trackers as they move around.”
Security threats like this are not unheard of, and many sensitive areas already ban the use of electronic devices. Data shared on the heat map could be used to plan offensive maneuvers against U.S. military bases or ambush troops. “DoD takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad,” said DoD spokeswoman Maj. Audricia Harris.
The Washington Post reports that base commanders of U.S.-led coalition forces are being encouraged to “refine and enforce existing rules” regarding privacy settings on personal electronic devices according to a statement from the Central Command press office in Kuwait.
“The rapid development of new and innovative information technologies enhances the quality of our lives but also poses potential challenges to operational security and force protection,” said the statement. “The Coalition is in the process of implementing refined guidance on privacy settings for wireless technologies and applications, and such technologies are forbidden at certain Coalition sites and during certain activities.”