2 min read

Israeli military personnel spied on via Strava fitness-tracking app

Graham CLULEY

June 22, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Israeli military personnel spied on via Strava fitness-tracking app

The Strava fitness-tracking app is being used to spy upon members of the Israeli military, tracking their movements at secret bases across the country and potentially even help observe their activities when they travel overseas.

That's the finding of FakeReporter, an Israeli open-source intelligence operation, which says it identified the surveillance campaign was used to gather data on at least 100 individuals who exercised at six secret military bases.

The popular Strava app allows fitness fanatics to define "segments" - portions of road or trail where athletes can compare times.  Segments can be created either directly through the Strava app. or by uploading GPS data from other services.

However, Strava has no way of knowing whether GPS data uploaded to its service to create a segment is legitimate or not.

And it's one set of such seemingly faked segments - made by a user who gave their location as Boston, MA, but uploaded fake segments at Israeli military establishments, intelligence agency outposts, and supposedly secure bases associated with Israel's nuclear programme - which have rung alarm bells.

In a series of tweets, FakeReporter claims that the personal information of users’ serving in the classified facilities was exposed, including details of their family members, colleagues, home addresses, and overseas travel history.

As a consequence, individuals working undercover could be identified, and national security could be jeopardised, argues FakeReporter.

"By exploiting the capability to upload engineered files, revealing the details of users anywhere in the world, hostile elements have taken one alarming step closer to exploiting a popular app in order to harm the security of citizens and countries alike," FakeReporter's executive director Achiya Schatz told The Guardian.

Worryingly, the surveillance technique manages to bypass some of the privacy features built into Strava.  For instance, although Strava users can set their profiles to be visible to “approved followers only”, individual runs must be individually secured or else a user's profile picture, first name and initial are shown on segments to encourage others to compete.

With enough segments scattered across the map, individuals can still be identified: one user, for instance, tracked their participation in a publicly reported race, which they won, as well as running in secure military establishments.

For its part, Strava says that it takes user privacy "very seriously", and allows users to make individual choices about what they decide to share.

"We recommend that all athletes take the time to ensure their selections in Strava represent their intended experience," says the company.

Back in early 2018, Australian researcher Nathan Ruser revealed that a new Strava heatmap feature was unwittingly revealing the movement patterns of security forces at military bases around the world, as soldiers jogged and patrolled.

tags


Author



Right now

Top posts

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Internet Service Providers Help Spyware Vendor Infect iOS and Android Devices Internet Service Providers Help Spyware Vendor Infect iOS and Android Devices
Vlad CONSTANTINESCU

June 24, 2022

2 min read
QNAP NAS Devices Vulnerable to Remote Attacks Through Critical PHP Flaw Exploit QNAP NAS Devices Vulnerable to Remote Attacks Through Critical PHP Flaw Exploit
Vlad CONSTANTINESCU

June 23, 2022

2 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021 Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
Filip TRUȚĂ

June 22, 2022

1 min read