Photo Credit: Screenshot from https://labs.strava.com/heatmap
Australia's military said on Tuesday that a fitness tracking application did not breach security despite revelations that an interactive, online map using its data can show troop locations around the world.
The Pentagon announced this week that it was doing a broad review of how the US military forces use exercise trackers and other wearable electronic devices after the revelations about GPS tracking company Strava's application. Strava's online Global Heat Map shows the locations of its users.
Australian Defense Industry Minister Christopher Pyne said the Defense Department was preparing a report for the government on the matter. A department statement said it was aware of the possible risks of the collection of location data through personal electronic devices and apps.
"The circumstances of this application do not constitute a security breach," the statement said.
The issue was first publicised last weekend when Nathan Ruser, a 20-year-old student who is studying international security with a double major in Middle Eastern studies at Australian National University in Canberra, tweeted that "U.S. bases are clearly identifiable and mappable." It was later reported by The Washington Post.
The map uses satellite information to show the locations of subscribers to Strava's fitness service. The map shows activity from 2015 through September 2017.
Heavily populated areas are well lit, but warzones such as Iraq and Syria show scattered pockets of activity that could be caused by military or government personnel using fitness trackers as they move around. Those electronic signals could potentially identify military bases or other secure locations.
"Who knows if someone from any of the intelligence services noticed it before, but as far as I know, I'm the first person in public to put two and two together," Ruser told The Associated Press from Thailand, where he is visiting family.
He said more people were interested in the issue than he expected.
"I expected it to hang around pretty quietly in some of the open-source analyst circles, intelligence wonks would look at it and then for the government or the company to quietly fix the security vulnerabilities, but it's got pretty big," he added.
He called the map a "wakeup call."
"I wouldn't say it provides an acute security risk to any personnel because a lot of those bases are known and even though this map gives you a huge advantage if you were to prioritize targeting the base, none of America's current adversaries like ISIS can walk up to one of those bases and bomb it," he said.
Ruser said he had not been contacted by Strava or any security agency since his tweet attracted attention.