Monday, July 4, 2022

Do popular fitness apps used by service members risk national security?

A recent Washington Post article highlighted concerns regarding the vulnerability of U.S. military personnel due to fitness tracking apps.

According to reports, by posting a “heat map” online, the fitness-tracking company Strava detailed the location activities of users, inadvertently including U.S. military bases in areas like Afghanistan and Iraq.

Though experts have been vocal in their warnings, the Post report brings tracking app privacy concerns back to the forefront.

Old Dominion University’s Michael Wu, director for the Center for Cybersecurity Education and Research, says he isn’t surprised that the military is concerned that sensitive information might be relayed by fitness-tracking apps.

“The fitness apps usually use GPS and motion sensor data to track users,” said Wu. “If the phone or app is compromised, the attacker is able to know the user’s daily routine activities — where s/he is, what s/he does, etc. This leads to privacy concerns and is obviously dangerous for military personnel.”

Fitness-tracking devices or apps monitor when a device is in motion or still, creating a trail of activity, or a map.

Only those using the Strava app, a “social network for athletes,” transmitted information. Strava made the maps, along with other personal data, widely available within its network as a way to encourage users to connect with one another.

Military officials say they are reviewing guidelines for what apps will be allowed on bases.

Though many Strava customers were surprised at the level of information available to such a wide audience, Wu says this is nothing new.

“Extensive studies have been reported recently to show possible attacks by exploiting sensors on smartphones and wearable devices,” he said.

So should people stop using fitness tracking apps altogether? Not necessarily.

“For most people, as long as we follow basic security principles to keep our phone secure and use only trusted fitness apps, it is fine to continue using them,” he said. “There is no perfectly secure system; neither is there a ‘silver bullet’ that can mitigate every possible attack. But if the information is not extremely valuable and the defense is strong enough, the attackers would lose incentive and motivation to attack it. On the other hand, attacks to sensitive military and government agencies are not based on economic incentives. As such, policies should be carefully reviewed to protect the security and safety of the individuals and organizations.”

Sarah Fearing
Sarah Fearing is the Assistant Editor at WYDaily. Sarah was born in the state of Maine, grew up along the coast, and attended college at the University of Maine at Orono. Sarah left Maine in October 2015 when she was offered a job at a newspaper in West Point, Va. Courts, crime, public safety and civil rights are among Sarah’s favorite topics to cover. She currently covers those topics in Williamsburg, James City County and York County. Sarah has been recognized by other news organizations, state agencies and civic groups for her coverage of a failing fire-rescue system, an aging agriculture industry and lack of oversight in horse rescue groups. In her free time, Sarah enjoys lazing around with her two cats, Salazar and Ruth, drinking copious amounts of coffee and driving places in her white truck.

Related Articles