Strava app vulnerability reveals runs at secretive bases in Israel

A Strava app security vulnerability has revealed running tracks and other info at Israeli military intelligence facilities. As first reported by the BBC, a disinformation watchdog called FakeReporter flagged up the problem.

The group, which combats malicious online activity, says that by uploading fake GPS data someone could create route segments inside Israel’s secret military facilities, the Mossad intelligence agency and the Shin Bet internal security service.

FakeReporter has done this and managed to expose identities and past routes of about 100 individuals at six different bases. In fact, it seems that one suspicious individual has also used this strategy to gain access to confidential data.

When a route is created for a run or cycle ride, users have the ability to review performance via the Strava scoreboard of those who follow the same route. A motivational tool, the idea is to compare your performance with others. But this has the potential to reveal info about other individuals, such as photos, home addresses and more. That is not a problem for most individuals, but it is a problem for military personnel!

A running track at an Israeli military intelligence facility located in Moshav Ora

Strava has beefed up its privacy settings recently but it seemed that users could still be exposed publicly, even if their profiles are set to ‘private’. The company says it has addressed this security flaw now, following the FakeReporter investigation.

The Israeli military said it was “aware of the evolving threats in cyberspace” and that its “rules and regulations are regularly reiterated and reinforced among those serving in sensitive positions.”

“By exploiting the capability to upload engineered files, revealing the details of users anywhere in the world, hostile elements have taken one alarming step closer to exploiting a popular app in order to harm the security of citizens and countries alike,” said FakeReporter in a statement.


Strava’s tracking functions have sparked security scares before

This is not the first time Strava has exposed sensitive military information. A couple of years ago, its heat-map of activity inadvertently revealed places that should have been kept under wraps. These include US military locations in Iraq, Syria and Afghanistan.

San Francisco-based Strava has become one of the most popular fitness tracking apps around since its launch back in 2009. It takes data, including GPS co-ordinates, from a person’s mobile phone or wearable to track and map their exercise activity. 

Strava has around 80 million active users with about two million added each month. The software is also often used by soldiers who use fitness devices such as Fitbit and Garmin while they are out.
