Over the weekend, news broke that Strava, a fitness-tracking app, is revealing potentially sensitive information about military bases and supply routes via its global heatmap website.The data map shows 1 billion activities and 3 trillion points of latitude and longitude from “Strava’s global network of athletes”, according to the American company. IT security experts commented below.
Tom Bonner, Senior Manager of Threat Research EMEA at Cylance:
“This incident serves to highlight a distinct lack of operational security employed by various government organisations around the world. Access to personal communication devices with geolocation services should be banned in sensitive/restricted locations, and broader assessments and awareness training undertaken by employers to understand and mitigate the potential risk posed by these types of services.”
Oliver Pinson-Roxburgh, EMEA Director at Alert Logic:
“I have seen some bizarre arguments on this in the past with people asking why we should care about hacking devices for location, arguing what could actually be done with the information. The military issues associated with this are alarming, and the military should be regularly testing these issues much like businesses should. There should really be no personal equipment or devices allowed during military operations, and military issued devices should be put through much more rigorous testing to look for different types of threats and risks to that of a commercial product.”