/ 29 January 2018

Exercise tracking app reveals details of military sites

According to Strava
According to Strava

A map showing paths taken by users of an exercise tracking app reveals potentially sensitive information about American and allied military personnel in places including Afghanistan, Iraq and Syria.

While some bases are well known to groups that want to attack them, the map also shows what appear to be routes taken by forces moving outside of bases – information that could be used in planning bombings or ambushes.

The map, made by Strava Labs, shows the movements of its app users around the world, indicating the intensity of travel along a given path – a “direct visualisation of Strava’s global network of athletes,” it says.

Routes are highlighted over large parts of some countries, but in others, specific locations stand out.

The map of Iraq is largely dark, indicating limited use of Strava’s app, but a series of well-known military bases where American and US-led anti-jihadist coalition forces have been deployed are highlighted in detail.

These include Taji north of Baghdad, Qayyarah south of Mosul, Speicher near Tikrit and Al-Asad in Anbar Province.

Smaller sites are also highlighted on the map in northern and western Iraq, indicating the presence of other, lesser-known installations.

More dangerously, stretches of road are also highlighted, indicating that Strava users kept their devices on while traveling, potentially providing details about commonly-taken routes.

In Afghanistan, Bagram Air Field north of Kabul is a hive of activity, as are several locations in the country’s south. And in Syria, Qamishli in the northwest, a stronghold of US-allied Kurdish forces, is clearly visible.

Tobias Schneider, a security analyst who was among the group of people who discovered that the map showed military bases, noted that it indicated military sites in Syria, as well as the Madama base used by French forces in Niger.

“In Syria, known Coalition (i.e. US) bases light up the night. Some light markers over known Russian positions, no notable coloring for Iranian bases,” Schneider wrote on Twitter.

“A lot of people are going to have to sit thru lectures come Monday morning,” he wrote, referring to soldiers likely to be taken to task for inadvertently revealing sensitive information while trying to keep in shape.

The issue could have been fairly easily avoided: According to Strava, “athletes with the Metro/heatmap opt-out privacy setting have all data excluded.”