Strava, a fitness tracking app, recently released its Global Heatmap which exposed the fitness routes of U.S. soldiers in sensitive locations. What should organizations do to protect themselves against this kind of exposure? Can geolocation data like this somehow be blocked?
A top priority of the U.S. Department of Defense should be to periodically review its GPS policy, and it should focus on limiting the use of fitness trackers in sensitive locations overseas. Soldiers and Army personnel should be educated on preventing the exposure of their fitness data and routes to the Strava Inc. Global Heatmap that anyone can view.
Training on the use of fitness trackers should include how anonymity can be removed from the Strava Global Heatmap to identify soldier fitness, patrol and supply routes. Enemies could use the data to plan surprise attacks against "secret" military bases and outposts. With some changes to the data for demonstration purposes, the routes of U.S. military bases in Afghanistan and Syria serve as an example of this process.
Soldiers should also be trained on how to remotely clear data collected on lost or stolen fitness trackers. Likewise, all data on a smartphone should be encrypted to make it more difficult for enemies and hackers to bypass user authentication credentials. In order to remotely clear data on a lost smartphone, the user should have a laptop or another smartphone immediately available. On the other hand, sensitive data should never be stored on a microSD card as it cannot be remotely cleared.
In order to avoid this type of incident in the future, Strava simplified its procedure for opting out of geolocation data sharing, moved their privacy mode to the first page and recommended disabling location services.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question nowvia email. (All questions are anonymous.)
Dig Deeper on Mobile application security best practices
Related Q&A from Judith Myerson
GE reported an improper authentication flaw in its PulseNet network management software for critical infrastructures. Discover how this flaw works ... Continue Reading
Researchers claim to have found a new attack against VMs that affects SEV technology. Expert Judith Myerson explains what this attack is and how it ... Continue Reading
The Wi-Fi Alliance released the updated WPA3 protocol, adding security enhancements to the Wi-Fi access process. Learn why enterprises should update ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.