Exercise app breach allows surveillance of Israeli soldiers, reveals army bases

i24NEWS

2 min read
An office worker looks at a map available on the fitness application Strava in Washington DC, the United States, on January 29, 2018.
Eric BARADAT / AFPAn office worker looks at a map available on the fitness application Strava in Washington DC, the United States, on January 29, 2018.

A fake user took advantage of the glitch

Nearly 100 Israeli army officers and defense officials had their personal details revealed in a security breach in the Strava exercise app, which also disclosed locations of secret army bases. 

The breach was discovered by the Israeli open source investigative group FakeReporter and was reported to the country’s government, according to Haaretz

Compromised data included names, photos and movements of the officers who used a popular running and hiking app, as well as locations of sensitive military sites in Israel, such as Mossad headquarters, secret army, air force and intelligence bases. 

The disinformation watchdog, that received a tip on a loophole in Strava's privacy settings, revealed that a fake user took advantage of the breach by disclosing identities of soldiers who run near sensitive military locations and creating a database of army sites. The user called Ez Shl was later removed after FakeReporter informed Strava and Israeli authorities.

“We take matters of privacy very seriously and have addressed the reported issues,” Strava was quoted as responding to the security breach.

Video poster

In 2018 a map created by Strava Labs to show paths created by users on the exercise app revealed sensitive information about American military personnel and their allies serving in Iraq, Afghanistan and Syria. The map showed routes taken by forces moving outside of bases, which could be used in planning bombings or ambushes. The Pentagon later banned deployed troops from using devices and applications with geolocation software, including fitness trackers. 

This article received 0 comments