BREAKING NEWS : Fort Wayne police investigate shooting on Sherman Boulevard Full Story
SEVERE WX : Severe Thunderstorm Watch View Alerts

Fitness app reveals info from military bases

A global heatmap from GPS-tracking company Strava that tracks people's exercise habits could pose security risks for military forces around the world.

Posted: Jan 30, 2018 5:44 AM
Updated: Jan 30, 2018 5:44 AM

The US Central Command says it's in the process of refining its privacy policies after it was reported that a fitness tracking app that maps people's exercise habits could pose security risks for security forces around the world.

Strava, which bills itself as "the social network for athletes" and allows its users to share their running routes, released a newly updated global heatmap last November. But experts and keen observers have recently realized its potential to reveal location patterns of security forces working out at military bases in remote locations.

Defense Secretary James Mattis has been made aware of the issue and the DoD is reviewing policy regarding smartphones and wearable devices, Pentagon spokesman Col. Rob Manning said on Monday.

"We take these matters seriously and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad," Manning said.

He added that Mattis "has been very clear about not highlighting our capabilities to aid the enemy or give the enemy any advantage, so that would be our approach going in on this one as well."

Nathan Ruser, a 20-year-old Australian student and analyst for the Institute for United Conflict Analysts, noted on Twitter on Saturday that the map made US bases "clearly identifiable and mappable."

"If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away," Ruser tweeted.

In a statement to CNN, a spokesperson for US Central Command said it is constantly working to "refine policies and procedures to address such challenges."

"The coalition is in the process of implementing refined guidance on privacy settings for wireless technologies and applications, and such technologies are forbidden at certain coalition sites and during certain activities. We will not divulge specific tactics, techniques and procedures," the statement continued.

In addition, the statement said that Central Command maintains "confidence in our commanders' abilities to enforce established policies that enhance force protection and operational security with the least impact to our personnel."

The Army previously issued fitness trackers to officers, though it's unclear how many of these devices were synced to Strava's software.

In 2013, the Army issued Fitbit Flex wristbands to some 2,200 soldiers as part of its "Performance Triad" program, Military.com reported. In 2015, the program expanded: 20,000 soldiers and reservists across American bases within the continental US were tagged to participate, according to the Army Times.

In a post about the update in November, Strava said the update would include "six times more data than before -- in total one billion activities from all Strava data through September 2017." Strava boasts "tens of millions" of users, and according to the company, marked three trillion latitude/longitude points on the updated map. It tracks location data using GPS from Fitbits, cellphones, and other fitness tracking devices.

In response to inquiries about the Strava data, Pentagon spokeswoman Maj. Audricia Harris said "DoD takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad."

10,000 'screw-ups'

Scott Lafoy, an open-source imagery analyst, told CNN it's too early to truly assess how useful the data is.

"In terms of strategic stuff, we know all the bases there, we know a lot of the positions, this will just be some nice ancillary data," said Lafoy.

From the site, it's possible to identify individuals' running routes, and around military bases users had posted profile photos of themselves wearing military uniforms.

Tracking the timing of movements on bases could provide valuable information on patrol routes or where specific personnel are deployed, Lafoy said.

It could also pose a danger for government officials posted in dangerous locations, like diplomats, who may not be in as secure locations as military personnel.

"If the data is not actually anonymous, then you can start figuring out timetables and like some very tactical information, and then you start getting into some pretty serious issues," LaFoy said.

Strava said in a statement to CNN that the company is "committed to working with military and government officials to address sensitive areas that might appear."

"Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones. We are committed to helping people better understand our settings to give them control over what they share," the statement said.

Regardless of the data's usability, the fact that it's out there shows a lapse in protocol, one that likely has the potential to cost information and operation security personnel their jobs, Lafoy said.

"This is literally what 10,000 innocent individual screw-ups look like," he said. "A lot if it is going to be a good reminder to security services why you do opsec (operational security) and why you do manage this sort of thing, and everyone is going to really hope it doesn't get a couple people killed in the meantime."

Limiting public profiles

When zoomed out, the heatmap shows more populated and developed parts of the world nearly completely lit up. Remote areas and conflict zones are darker, but eagle-eyed observers have noticed small lights in some of the areas, potentially identifying military personnel.

Twitter users have identified locations including a suspected CIA base in Somalia, a Patriot missile defense system site in Yemen and US special operations bases in the Sahel region of Africa. CNN cannot independently verify these claims. Known military sites like Diego Garcia in the Indian Ocean and the Falkland Islands' RAF Mount Pleasant also show activity.

Multiple airports in Somalia show circles around airfields in the city. "Heavy jogging" at the airport in the capital of Mogadishu was spotted earlier by The Daily Beast's Adam Rawnsley.

The US Department of Defense said in response to the Strava data that "annual training for all DoD personnel recommends limiting public profiles on the internet, including personal social media accounts."

"Furthermore, operational security requirements provide further guidance for military personnel supporting operations around the world. Recent data releases emphasize the need for situational awareness when members of the military share personal information," said Pentagon spokeswoman Harris.

CORRECTION: This story has been updated to correct the location of Diego Garcia.

Indiana Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 74328

Reported Deaths: 3041
CountyConfirmedDeaths
Marion15860725
Lake7570275
Elkhart484384
Allen3902163
St. Joseph350081
Hamilton2763104
Vanderburgh196313
Hendricks1887108
Cass17959
Johnson1757118
Porter131639
Clark123347
Tippecanoe121111
Madison97965
LaPorte91130
Howard89065
Kosciusko85212
Bartholomew79347
Marshall78422
Floyd77946
Monroe75630
Delaware73052
Dubois69612
Boone67846
Noble67829
Hancock66038
Vigo65110
Jackson5865
Warrick58130
LaGrange55910
Shelby55327
Grant52630
Dearborn50828
Morgan47634
Clinton4343
Henry38320
Wayne37710
White36910
Montgomery35421
Lawrence34627
Harrison33823
Decatur33732
Putnam2888
Miami2742
Daviess27320
Scott26810
Greene25034
Jasper2432
Franklin24214
DeKalb2324
Gibson2254
Jennings22512
Steuben2103
Ripley2087
Carroll1912
Fayette1897
Perry18612
Starke1787
Orange17124
Posey1710
Wabash1693
Fulton1682
Wells1682
Jefferson1632
Knox1540
Whitley1526
Washington1401
Tipton13810
Spencer1363
Sullivan1261
Huntington1223
Randolph1224
Clay1215
Newton11810
Adams1012
Jay910
Owen901
Pulaski831
Rush804
Fountain742
Brown731
Ohio655
Blackford642
Benton610
Pike530
Switzerland520
Vermillion520
Parke511
Crawford450
Martin450
Union410
Warren221
Unassigned0206

Ohio Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 100848

Reported Deaths: 3669
CountyConfirmedDeaths
Franklin18317524
Cuyahoga13514499
Hamilton9643255
Lucas5348323
Montgomery436294
Summit3555222
Butler292963
Marion292545
Mahoning2554255
Pickaway238742
Stark1827139
Warren178939
Lorain177078
Columbiana165860
Trumbull1524106
Fairfield138732
Delaware130119
Licking128149
Clark114614
Lake111438
Wood104358
Clermont93311
Medina92335
Miami83938
Tuscarawas78214
Portage75861
Allen74044
Greene69012
Belmont62126
Mercer61213
Richland60412
Erie57527
Ashtabula56946
Geauga55644
Wayne53958
Ross4844
Huron3965
Darke39529
Ottawa38626
Hancock3783
Sandusky37716
Madison37410
Athens3571
Holmes3286
Lawrence2830
Auglaize2546
Union2511
Muskingum2361
Jefferson2292
Scioto2261
Seneca2143
Knox2057
Putnam20517
Preble2032
Washington20322
Shelby1944
Coshocton1936
Champaign1762
Crawford1745
Morrow1702
Hardin16512
Clinton1646
Highland1581
Logan1552
Fulton1481
Wyandot1468
Ashland1443
Defiance1444
Williams1353
Perry1303
Brown1292
Hocking1189
Guernsey1177
Henry1172
Fayette1130
Carroll1115
Monroe9318
Pike760
Jackson740
Van Wert711
Paulding690
Gallia651
Adams612
Meigs400
Vinton312
Harrison261
Morgan260
Noble160
Unassigned00
Fort Wayne
Clear
86° wxIcon
Hi: 90° Lo: 69°
Feels Like: 93°
Angola
Scattered Clouds
84° wxIcon
Hi: 89° Lo: 67°
Feels Like: 91°
Huntington
Broken Clouds
86° wxIcon
Hi: 87° Lo: 68°
Feels Like: 94°
Decatur
Clear
84° wxIcon
Hi: 87° Lo: 68°
Feels Like: 88°
Van Wert
Clear
84° wxIcon
Hi: 85° Lo: 68°
Feels Like: 88°
Storms Monday Night
WFFT Radar
WFFT Temperatures
WFFT National

Community Events