
How did Strava's Global Heatmap disclose sensitive U.S. info?

Fitness tracking app Strava released its Global Heatmap that unknowingly disclosed routes of U.S. soldiers. Discover how this happened and how geolocation data can be blocked.

Strava, a fitness tracking app, recently released its Global Heatmap which exposed the fitness routes of U.S. soldiers in sensitive locations. What should organizations do to protect themselves against this kind of exposure? Can geolocation data like this somehow be blocked?

A top priority of the U.S. Department of Defense should be to periodically review its GPS policy, and it should focus on limiting the use of fitness trackers in sensitive locations overseas. Soldiers and Army personnel should be educated on preventing the exposure of their fitness data and routes to the Strava Inc. Global Heatmap that anyone can view.

Training on the use of fitness trackers should include how anonymity can be removed from the Strava Global Heatmap to identify soldier fitness, patrol and supply routes. Enemies could use the data to plan surprise attacks against "secret" military bases and outposts. With some changes to the data for demonstration purposes, the routes of U.S. military bases in Afghanistan and Syria serve as an example of this process.

Soldiers should also be trained on how to remotely clear data collected on lost or stolen fitness trackers. Likewise, all data on a smartphone should be encrypted to make it more difficult for enemies and hackers to bypass user authentication credentials. To remotely clear data on a lost smartphone, the user should have a laptop or another smartphone immediately available. Sensitive data, however, should never be stored on a microSD card, as it cannot be remotely cleared.

To avoid this type of incident in the future, Strava simplified its procedure for opting out of geolocation data sharing, moved its privacy mode to the first page and recommended disabling location services.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

This was last published in May 2018
