Home Daily Brief Fitness App Reveals Locations of Military Personnel and Secret Bases

Fitness App Reveals Locations of Military Personnel and Secret Bases

Get started on your cybersecurity degree at American Military University.

By LTC Steven Howard, U.S. Army (Ret.)
Contributor, InCyberDefense

A recent investigation by Bellingcat revealed that the Polar fitness app made highly sensitive data publicly available and vulnerable to hackers. The app, made by a Finnish company, showed the geographic location of movements and exercises performed by its users, including military personnel.

The report states that investigative researchers were able to generate a list of almost 6,460 unique users collectively performing over 650,000 exercises at more than 200 sensitive sites. That information is in addition to other locations where those users live or had visited.

According to the report, “Users included a nuclear airbase officer, an intelligence officer at a U.S. Air Force base; Western military members in Afghanistan and Iraq; and employees at the NSA and FBI.”

How Hackers Can Use the Data from the Polar Fitness App

A malicious actor could select a location, perhaps a military base, and look for an exercise performed at that location. At that point, the actor could then pull up a user’s social media profile and identify the user.

Bad actors could also extrapolate a military member’s or government agent’s home address by examining that person’s jogging or biking routes.

Fitness App Manufacturer Suspends Global Activity Mapping Feature

Part of the responsibility for this security leak rests with military servicemembers’ chain of command. The command is responsible for enforcing good Operations Security (OPSEC) measures to ensure that friendly actions cannot be monitored by enemy intelligence efforts.

Since the investigation was published on July 8, Polar has suspended its global activity map feature.