US Pentagon scrambles after Strava base leaks. Here's a summary of the new rules: 'Secure that s***, Hudson!'

What a Strava-palava

By Iain Thomson in San Francisco

Posted in Personal Tech, 29th January 2018 22:33 GMT

The American military has ordered a review of its grunts' personal electronics – after the Strava fitness app used by soldiers revealed base locations and other operational security gaffes.

In November, the exercise-tracking software maker released a "heatmap" to show where in the world people were using the application to monitor their daily workouts.

Unfortunately, because not all users marked their training information private, the map revealed military bases and the jogging routes of personnel. It also highlighted dangerously stupid explorers, and the data allowed viewers to drill down into an individual's fitness stats.

In response, the Pentagon has urged servicemen and women to lock down the privacy settings on their apps – which, er, they should really have done in the first place. Meanwhile, top brass will come up with new rules, if necessary.

"We take these matters seriously, and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of Department of Defense personnel at home and abroad," Army Colonel Robert Manning III said at a Pentagon news conference on Monday.

"DoD personnel are advised to place strict privacy settings on wireless technologies and applications. The heat map incident re-emphasizes the need for service members to be cautious about what data to share via wearable electronic devices."

You'd have thought the Green Machine would be up on this already, given how America's enemies have blundered into this sort of opsec gotcha in the past. In 2015, a Daesh-bag fighter published a picture of his fellow terror bastards on social media with location data included in the snap – and 22 hours later, Uncle Sam showed him the real meaning of photobombing with three very large explosives sending him to the next world.

Russian military authorities also got caught out the year before. In 2014, with Russia denying its troops were invading Ukraine, its soldiers posted several selfies that location data showed were taken within the, er, Ukrainian borders.

As always, check the privacy settings of your apps – and not just Strava's. ®

Updated to add

Strava is having a rethink about how it shares people's data – and urged folks to check their application settings while it works "with military and government officials to address potentially sensitive data."

"Many team members at Strava and in our community, including me, have family members in the armed forces," said CEO James Quarles. "Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us."
