Fitness app highlights sensitive military positions around the world

A fitness tracking company published a "heatmap" which showed the exercise routes of military personnel in bases around the world

The movements of soldiers within Bagram air base in Afghanistan
The movements of soldiers within Bagram air base in Afghanistan

A fitness tracking company Strava accidentally revealed sensitive military positions in a data visualisation it published in 2017.

Security concerns have been raised after the firm showed the exercise routes of military personnel in bases around the world.

Strava published a “heatmap” showing the paths its users log as they run or cycle.

It appears to show the structure of foreign military bases in countries including Syria and Afghanistan as soldiers move around them.

The centre of Pyongyang, North Korea
The centre of Pyongyang, North Korea

The US military was examining the heatmap, a spokesman said.

Stava uses the collected data, as well as that from fitness devices such as Fitbit and Jawbone, to enable people to check their own performances and compare them with others.

In a statement, Strava said: “Our global heatmap represents an aggregated and anonymised view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones.

Strava’s response has come too late for some, however, as militaries around the world contemplate banning fitness trackers to prevent future breaches.

CHQ in Cheltenham, England (Photo: Strava)
CHQ in Cheltenham, England (Photo: Strava)

The news broke out when Nathan Ruser, a 20-year-old Australian university student came across the map while browsing a cartography blog last week.

He realised that a large number of military personnel on active service had been publicly sharing their location data and realised that the highlighting of such exercises as regular jogging routes could be dangerous.

"I just looked at it and thought, 'oh hell, this should not be here - this is not good,'" he told the BBC.

"I thought the best way to deal with it is to make the vulnerabilities known so they can be fixed. Someone would have noticed it at some point. I just happened to be the person who made the connection."

More in World

Get access to the real stories first with the digital edition

Subscribe