Israel: Jogging app exposes location of military base
Tue, 06/21/2022 – 11:21
Running app Strava has been used to spy on members of the Israeli military by tracking their movements across secret bases around the country.
According to Haaretz, roughly 100 Israeli army officers or defence officials’ details, including names, photos and movements, were available to outsiders.
Users could place fake running “segments” inside military bases and monitor individuals exercising on the grounds, including those with the most robust privacy settings.
The app also revealed the locations of susceptible sites in Israel, including army and airforce bases, Mossad headquarters and military intelligence bases.
Read More »
The app’s tracking tools allow anyone to define and compete over “segments”, which are short sections of a run or a bike ride that can be traced over.
Users can then select a segment after uploading it from the app or through GPS recordings from other products – however, Strava has no way of tracking whether the GPS is legitimate.
The loophole that was discovered by the Israeli open-source group FakeReporter found that a user took advantage of the glitch and created a small database of military bases.
The group’s executive director, Achiya Shatz, told the Guardian, “We contacted the Israeli security forces as soon as we became aware of this security breach. After receiving approval from the security forces to proceed, FakeReporter contacted Strava, and they formed a senior team to address the issue.”
In a statement also seen by the Guardian, Strava said, “We take matters of privacy very seriously and have been made aware by an Israeli group, FakeReporter, of a segment issue regarding a specific user account and have taken the necessary steps to remedy this situation.
“We provide readily accessible information regarding how information is shared on Strava, and give every athlete the ability to make their own privacy selections. For more information on all of our privacy controls, please visit our privacy centre as we recommend that all athletes take their time to ensure their selections in Strava represent their intended experience.”
But this is not the first time Strava accidentally gave away a military base.
In 2018, Strava published a “heatmap” which showed the paths of its user log, but through that, the map also showed US military bases in countries including Syria and Afghanistan.