Strava, a fitness tracking app, recently released its Global Heatmap which exposed the fitness routes of U.S. soldiers in sensitive locations. What should organizations do to protect themselves against this kind of exposure? Can geolocation data like this somehow be blocked?
A top priority of the U.S. Department of Defense should be to periodically review its GPS policy, and it should focus on limiting the use of fitness trackers in sensitive locations overseas. Soldiers and Army personnel should be educated on preventing the exposure of their fitness data and routes to the Strava Inc. Global Heatmap that anyone can view.
Training on the use of fitness trackers should include how anonymity can be removed from the Strava Global Heatmap to identify soldier fitness, patrol and supply routes. Enemies could use the data to plan surprise attacks against "secret" military bases and outposts. With some changes to the data for demonstration purposes, the routes of U.S. military bases in Afghanistan and Syria serve as an example of this process.
Soldiers should also be trained on how to remotely clear data collected on lost or stolen fitness trackers. Likewise, all data on a smartphone should be encrypted to make it more difficult for enemies and hackers to bypass user authentication credentials. In order to remotely clear data on a lost smartphone, the user should have a laptop or another smartphone immediately available. Sensitive data, however, should never be stored on a microSD card, as it cannot be remotely cleared.
In order to avoid this type of incident in the future, Strava simplified its procedure for opting out of geolocation data sharing, moved its privacy mode to the first page and recommended disabling location services.