Fitness tracking app reveals military bases in Syria, Iraq

World
Europe

A fitness tracking software used by US and other military personnel is turning into a security nightmare with the Pentagon now conducting an investigation into its use.

A student in Australia first flagged the risks on Sunday in a post on Twitter about a new global heatwave map launched by US-based Strava Labs.

The map tracks the route taken by users of its fitness app but in the process also reveals details about the location and design of military bases in high-risk areas, as well as the routines of military staff.

Convoy of US forces armored vehicles passes near the village of Yalanli, on the western outskirts of the northern Syrian city of Manbij. /VCG Photo

“It looks very pretty, but not amazing for Op-Sec (operations security). US Bases are clearly identifiable and mappable,” Nathan Ruser, a student at Australian National University in Canberra, tweeted along with screenshots of the map.

View the map: Strava Global Heatmap

Most of the app's users are found in urban areas in the US, Europe and Asia. But in places like Syria and Iraq, only a few points of light stand out in remote regions, likely pointing out military bases where personnel would use such fitness tracking apps.

AFP news agency located “well-known military bases” where US forces and allied troops fighting ISIL have been stationed, such as in Iraq: Taji north of Baghdad, Qayyarah south of Mosul and Al-Asad in Anbar Province. It also noted lots of activity at Bagram Airfield north of Afghanistan’s capital Kabul.

CGTN screenshot of Nathan Ruser's Twitter account.

Security analyst Tobias Schneider on Twitter pointed out military sites in Syria as well as the Madama base used by French troops in Niger.

While the location of these bases may be well documented, the routes taken by military personnel when they exercise provide crucial information about the internal set-up of the bases and their daily routine. In other locations, it may point to a base that was previously unknown.

Such information can be used to carry out attacks against military personnel, security officials have warned.

So far, this does not seem to have been the case, according to the Pentagon. The tracking setting can also be turned off.

A woman jogs under the Brooklyn Bridge in New York on November 17, 2017. /VCG Photo

Still, the threat is very real. “The underlying data being freely uploaded to Strava is a security nightmare for governments around the world,” Jeffrey Lewis, director of the East Asia Nonproliferation Program at the US Middlebury Institute of International Studies, wrote in the Daily Beast.

Beyond US bases in Syria and Iraq, the Strava map provides insight into the headquarters of Taiwan’s missile command for instance, he noted.

While Strava is the only company to have released such a map, troves of data gathered by other tracking devices are also out there and could be accessed by hackers or foreign intelligence services, security analysts warn.

An aerial view of the Pentagon building in Washington, June 15, 2005. /VCG Photo

On Monday, the Pentagon said it was reviewing the use of fitness tracking apps and other devices.

"We are going to take a look at the Department-wide policy to ensure that we have operational security and force protection," Pentagon spokesman Colonel Rob Manning told reporters.

"Recent data releases emphasize the need for situational awareness."

The Pentagon also said in a statement that it was looking into whether additional steps were needed "to ensure the continued safety of DoD (Department of Defense) personnel at home and abroad."

(With input from agencies)