American troops’ personal information has been compromised by another fitness app.
Polar, a GPS-enabled fitness tracking app, published a wide array of data including maps, tracked movement and personal information, the Washington Examiner reported this week.
A joint investigation carried out by Bellingcat and Dutch journalism platform De Correspondent discovered data history back to 2014 that revealed the locations of service members’ homes and their movements around the world – including on military bases and secret locations.
Workout data from Polar Flow fitness app has been used to identify the location government spies and military personnel working in sensitive places: https://t.co/pXkJjRtEYr @Gizmodo @ajdell pic.twitter.com/hSV1C7mYVl
— AlienVault (@alienvault) July 9, 2018
The Bellingcat report found that, “compared to the similar services of Garmin and Strava [fitness apps], Polar publicizes more data per user in a more accessible way, with potentially disastrous results.”
“As people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map. Users often use their full names in their profiles, accompanied by a profile picture,” the report said.
Polar manufactures the world’s first wireless heart rate monitor, and it has become a widely used device and platform. Users share their fitness activity, including routes traveled when walking, running and biking.
With Polar, one can navigate to a single location anywhere in the world, and see a list of all users with fitness activity in that location. By then selecting the profile, one can obtain every recorded fitness activity since 2014 on a single map.
Through the Polar app, one can make a few clicks to navigate to a military base in Afghanistan. By selecting a user active in the area, one can view a user, which is often accompanied by a profile photo and full name.
By looking at their fitness history, one can view every location where that user logged a fitness activity – including the time and date, exact route, heart rate and calories burned during the session.
Polar announced: “We are analyzing the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing GPS files of sensitive locations.”
Polar has temporarily suspended the “Explore API” feature, which allows globally shared fitness activity.
In January, it was reported that another fitness app, Strava, revealed highly sensitive and secret location data around the world.
Strava had published a “heatmap” showing satellite images of users’ fitness routes, with lighter areas of the map showing heavier usage in that area.
Nathan Ruser, a 20-year-old Australian analyst for the Institute for United Conflict Analysts, found the Strava heatmap online and pondered its impact on military security.
“Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). … It looks very pretty, but not amazing for Op-Sec. U.S. Bases are clearly identifiable and mappable,” he said in a January tweet.
Nathan Ruser (Twitter)
Strava and Garmin require one to select a user’s profile to view separate fitness activity sessions with separate maps in a limited history.
However, Polar’s data is considered far more dangerous.
