Fitness tracking app reveals sensitive information on US military bases

29 Jan 2018

An interactive map posted on the internet that tracks people who use fitness devices such as Fitbit also reveals highly sensitive information about the locations and activities of soldiers at US military bases, in what may be a major security oversight.

The Global Heat Map, published by the GPS tracking company Strava, makes use of satellite information to map the locations and movements of subscribers to the company's fitness service over a two-year period, by illuminating areas of activity.

According to Strava, it has 27 million users worldwide, including people who own widely available fitness devices such as Fitbit and Jawbone. It also has people who directly subscribe to its mobile app. The map is not live, and displays a pattern of accumulated activity between 2015 and September 2017.

Most parts of the US and Europe, where millions of people use some type of fitness tracker, show up on the map as light flashes due to the high level of activity.

In deserts and trouble spots like Iraq and Syria, the heat map becomes almost entirely dark apart from pinpricks of activity. When the map is zoomed, the areas brings into focus the locations and outlines of known US military bases, and also other unknown and potentially sensitive sites, presumably due to US soldiers and other personnel using fitness trackers as they move around.

Nathan Ruser, a 20-year-old Australian student and analyst for the Institute for United Conflict Analysts, tweeted on Saturday that the map made US bases "clearly identifiable and mappable."

"If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away," Ruser tweeted.