BREAKING NEWS : Police in standoff with alleged armed suspect on South Wayne Avenue Full Story

Fitness app reveals info from military bases

A global heatmap from GPS-tracking company Strava that tracks people's exercise habits could pose security risks for military forces around the world.

Posted: Jan 30, 2018 5:44 AM
Updated: Jan 30, 2018 5:44 AM

The US Central Command says it's in the process of refining its privacy policies after it was reported that a fitness tracking app that maps people's exercise habits could pose security risks for security forces around the world.

Strava, which bills itself as "the social network for athletes" and allows its users to share their running routes, released a newly updated global heatmap last November. But experts and keen observers have recently realized its potential to reveal location patterns of security forces working out at military bases in remote locations.

Defense Secretary James Mattis has been made aware of the issue and the DoD is reviewing policy regarding smartphones and wearable devices, Pentagon spokesman Col. Rob Manning said on Monday.

"We take these matters seriously and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad," Manning said.

He added that Mattis "has been very clear about not highlighting our capabilities to aid the enemy or give the enemy any advantage, so that would be our approach going in on this one as well."

Nathan Ruser, a 20-year-old Australian student and analyst for the Institute for United Conflict Analysts, noted on Twitter on Saturday that the map made US bases "clearly identifiable and mappable."

"If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away," Ruser tweeted.

In a statement to CNN, a spokesperson for US Central Command said it is constantly working to "refine policies and procedures to address such challenges."

"The coalition is in the process of implementing refined guidance on privacy settings for wireless technologies and applications, and such technologies are forbidden at certain coalition sites and during certain activities. We will not divulge specific tactics, techniques and procedures," the statement continued.

In addition, the statement said that Central Command maintains "confidence in our commanders' abilities to enforce established policies that enhance force protection and operational security with the least impact to our personnel."

The Army previously issued fitness trackers to officers, though it's unclear how many of these devices were synced to Strava's software.

In 2013, the Army issued Fitbit Flex wristbands to some 2,200 soldiers as part of its "Performance Triad" program, Military.com reported. In 2015, the program expanded: 20,000 soldiers and reservists across American bases within the continental US were tagged to participate, according to the Army Times.

In a post about the update in November, Strava said the update would include "six times more data than before -- in total one billion activities from all Strava data through September 2017." Strava boasts "tens of millions" of users, and according to the company, marked three trillion latitude/longitude points on the updated map. It tracks location data using GPS from Fitbits, cellphones, and other fitness tracking devices.

In response to inquiries about the Strava data, Pentagon spokeswoman Maj. Audricia Harris said "DoD takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad."

10,000 'screw-ups'

Scott Lafoy, an open-source imagery analyst, told CNN it's too early to truly assess how useful the data is.

"In terms of strategic stuff, we know all the bases there, we know a lot of the positions, this will just be some nice ancillary data," said Lafoy.

From the site, it's possible to identify individuals' running routes, and around military bases users had posted profile photos of themselves wearing military uniforms.

Tracking the timing of movements on bases could provide valuable information on patrol routes or where specific personnel are deployed, Lafoy said.

It could also pose a danger for government officials posted in dangerous locations, like diplomats, who may not be in as secure locations as military personnel.

"If the data is not actually anonymous, then you can start figuring out timetables and like some very tactical information, and then you start getting into some pretty serious issues," LaFoy said.

Strava said in a statement to CNN that the company is "committed to working with military and government officials to address sensitive areas that might appear."

"Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones. We are committed to helping people better understand our settings to give them control over what they share," the statement said.

Regardless of the data's usability, the fact that it's out there shows a lapse in protocol, one that likely has the potential to cost information and operation security personnel their jobs, Lafoy said.

"This is literally what 10,000 innocent individual screw-ups look like," he said. "A lot if it is going to be a good reminder to security services why you do opsec (operational security) and why you do manage this sort of thing, and everyone is going to really hope it doesn't get a couple people killed in the meantime."

Limiting public profiles

When zoomed out, the heatmap shows more populated and developed parts of the world nearly completely lit up. Remote areas and conflict zones are darker, but eagle-eyed observers have noticed small lights in some of the areas, potentially identifying military personnel.

Twitter users have identified locations including a suspected CIA base in Somalia, a Patriot missile defense system site in Yemen and US special operations bases in the Sahel region of Africa. CNN cannot independently verify these claims. Known military sites like Diego Garcia in the Indian Ocean and the Falkland Islands' RAF Mount Pleasant also show activity.

Multiple airports in Somalia show circles around airfields in the city. "Heavy jogging" at the airport in the capital of Mogadishu was spotted earlier by The Daily Beast's Adam Rawnsley.

The US Department of Defense said in response to the Strava data that "annual training for all DoD personnel recommends limiting public profiles on the internet, including personal social media accounts."

"Furthermore, operational security requirements provide further guidance for military personnel supporting operations around the world. Recent data releases emphasize the need for situational awareness when members of the military share personal information," said Pentagon spokeswoman Harris.

CORRECTION: This story has been updated to correct the location of Diego Garcia.

Indiana Coronavirus Cases

Data is updated nightly.

Cases: 701971

Reported Deaths: 13187
CountyCasesDeaths
Marion958051716
Lake51105939
Allen38867670
Hamilton34212404
St. Joseph33638539
Elkhart27021431
Vanderburgh22016393
Tippecanoe21602212
Johnson17408373
Porter17157297
Hendricks16711310
Clark12640190
Madison12287337
Vigo12139244
Monroe11336166
LaPorte10760204
Delaware10288184
Howard9606211
Kosciusko9051113
Hancock7922139
Bartholomew7839153
Warrick7671155
Floyd7533176
Wayne6871198
Grant6755168
Boone6517100
Morgan6362138
Dubois6068117
Marshall5743108
Dearborn566975
Cass5668102
Henry5558100
Noble536983
Jackson491869
Shelby476895
Lawrence4324118
Gibson426889
Harrison426070
Montgomery416286
Clinton415053
DeKalb405483
Huntington376480
Whitley374939
Miami371365
Knox364889
Steuben361357
Putnam351760
Wabash345877
Jasper344846
Adams337652
Ripley333268
Jefferson310779
White307154
Daviess288699
Wells284780
Decatur278592
Fayette276962
Greene269985
Posey268133
Scott259853
Clay252044
LaGrange250970
Randolph234380
Washington230329
Spencer227431
Jennings224447
Fountain207445
Sullivan207342
Starke201152
Owen191456
Fulton190439
Jay185529
Carroll185220
Perry179136
Orange176253
Rush170224
Vermillion165643
Franklin165135
Tipton160843
Parke143716
Blackford132631
Pike130034
Pulaski112945
Newton102834
Brown99340
Crawford96914
Benton95613
Martin82215
Warren78715
Switzerland7698
Union69510
Ohio55511
Unassigned0405

Ohio Coronavirus Cases

Data is updated nightly.

Cases: 1045945

Reported Deaths: 18917
CountyCasesDeaths
Franklin1214131352
Cuyahoga1060882061
Hamilton778281165
Montgomery49815988
Summit45000907
Lucas39675760
Butler37582568
Stark31296894
Lorain24038472
Warren23805291
Mahoning20777583
Lake19885362
Clermont19387228
Delaware17933130
Licking16066206
Fairfield15618196
Trumbull15500459
Medina14787259
Greene14593236
Clark13542288
Wood12664184
Portage12277194
Allen11281229
Richland11001198
Miami10500212
Muskingum8676127
Wayne8523209
Columbiana8515226
Pickaway8414120
Tuscarawas8347239
Marion8342135
Erie7509153
Ross6687145
Hancock6666123
Geauga6520146
Ashtabula6436164
Scioto6271100
Belmont5578158
Union555147
Lawrence5454102
Jefferson5271147
Huron5265113
Darke5256121
Sandusky5158119
Seneca5084118
Washington5056107
Athens497454
Auglaize473984
Mercer470084
Shelby454689
Knox4363108
Madison420458
Putnam419398
Ashland411586
Fulton406266
Defiance399496
Brown384855
Crawford3848100
Logan371976
Preble369298
Clinton359359
Ottawa354278
Highland345759
Williams321674
Champaign317856
Jackson306151
Guernsey305348
Perry289249
Fayette276748
Morrow274139
Henry262866
Hardin262663
Coshocton257857
Holmes252399
Van Wert238562
Gallia232946
Pike232331
Adams227152
Wyandot225553
Hocking208458
Carroll188547
Paulding168238
Meigs141138
Noble132537
Monroe128741
Morgan106423
Harrison104936
Vinton81314
Unassigned02
Fort Wayne
Cloudy
43° wxIcon
Hi: 47° Lo: 35°
Feels Like: 36°
Angola
Cloudy
43° wxIcon
Hi: 45° Lo: 32°
Feels Like: 35°
Huntington
Cloudy
44° wxIcon
Hi: 47° Lo: 37°
Feels Like: 38°
Fort Wayne
Cloudy
43° wxIcon
Hi: 48° Lo: 37°
Feels Like: 36°
Lima
Cloudy
44° wxIcon
Hi: 47° Lo: 38°
Feels Like: 36°
There will be more clouds around than sunshine for most of the day and highs will top out in the upper 40s.
WFFT Radar
WFFT Temperatures
WFFT National

Community Events