Strava is a military security nightmare as US base locations are leaked by fitness fanatics
Strava, the running and cycling fitness tracking app, has unwittingly revealed some of the US Army’s most secure military bases simply by tracking the workout routes of military personnel.
If this information were to remain private to Strava, there wouldn’t have been much of a furore. However, last November it released a visualisation map containing all the anonymous activity tracked by its app users, placing these routes on a real-world map. Compiled of more than 3 trillion individual GPS data points, the map outlines every single activity ever uploaded to Strava, be it running or cycling or via devices like Fitbit or Android Wear.
Despite having gone live back in November, it took until this weekend for military analysts to notice that the map also provided enough information to identify secret military bases, all thanks to active military personnel using the app.
“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” explained Nathan Ruser, an analyst at the Institute for United Conflict Analysts. Ruser also highlighted that certain tracks looked like “a regular jogging route”, and that it’s not just US bases that have been uncovered this way, Turkish and Russian locations also seem to have been exposed.
This data is so damaging to base security because, in many regions like Afghanistan, Djibouti and Syria, Strava users only appear to be foreign military personnel. As you may have figured out, this means foreign military bases stick out like a sore thumb on Strava’s map.
The Guardian points out that, by zooming into one of the larger bases in these regions, you can see the internal layout of the building and site, with tracked jogging routes clearly highlighted. The actual bases aren’t visible on Strava’s map, nor are they on the likes of Google Maps, Apple Maps or Bing Maps, yet these fitness tracked routes make it rather obvious where they’re located.
Numerous other bases, such as RAF Mount Pleasant in the Falklands can be seen, revealed by the cycling routes of active personnel, along with running patterns and even lakes that people apparently swim in.
What’s even more worrying is the discovery that, through a simple route scrape and sideline search, you can actually find a list of the people who run those routes, seeing where else they’ve run and even accessing their connected social media accounts. If you’re a particularly high-ranking member of the military, it could reveal your home address when you’re off duty, or even your living location on-base.
Strava revealed its map by stating that one of the most interesting aspects of it was how clearly it tracked out the layout and location of the Burning Man festival in Nevada. “The unique pentagonal pattern of Burning Man’s pop-up city is forever etched into the Heatmap, thanks to all the runners and cyclists who have used Strava to explore it,” it said in a blog post about the map. However, it looks like the data it didn’t even spot was actually a far more interesting topic of discussion.
It’s unclear exactly what the next steps are around this information leak, but it’s likely Strava will suddenly see a lot of active military personnel drop off its user list.
As military analyst Tobias Schneider points out, “A lot of people are going to have to sit through lectures come Monday morning”.