Australian National University student finds security threat in fitness app Strava
Source: Twitter/@Nrg8000

An Australian student has drawn attention to the fact that publicly available satellite imagery via the sport social media app Strava could be potentially compromising for secret military bases in war zones like Syria and Iraq.

The US based company’s Global Heatmap depicts some 1 billion activities spanning 200,000 years and 5 percent of all land on earth, depicting where its global “network of athletes” have been going.

Australian National University student Nathan Ruser – who is majoring in international security and the Middle East – first flagged that it might pose an issue for the security of military organisations when he tweeted about it on Saturday.

US Defence Secretary James Mattis on Monday ordered a review of security protocols in response to the matter.

“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” he wrote on Twitter.

Homing in on one line of light in what looks like a desert, Ruser said “this particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any Pattern of life info from this far away.”

Ruser’s tweets went viral, sparking international news coverage. The Washington Post picked up the story and reported that the US military was looking into the issue.

“I wondered, does it show US soldiers [in Syria]?” he said as quoted by the newspaper. “It sort of lit up like a Christmas tree.”

The Daily Beast journalist Adam Rawnsley found “heavy jogging activity” taking place in Somalia nearby where there is thought to be a secret Central Intelligence Service (CIA) base.

https://twitter.com/arawnsley/status/957360808392093697

As people began to realise the implications of Strava’s Heatmap, other media outlets and analysts identified other locations thought to be US military outposts.

“I’m surprised at how much mainstream attention the map has gotten,” Ruser told the Sydney Morning Herald on Monday. Strava has reportedly not responded to media requests for comment.

“I expected it to languish in wonk circles and open source circles until the US government quietly fixed the problem, but instead it seems to have blown up a lot more than I would have though,” said Ruser.

No security agencies had contacted him yet, he said. “I think that’s generally how they roll.”

The 20-year-old returns to university in a couple of weeks and told the SMH that he would be interested in working in the Australian intelligence community.

This story originally appeared on our sister website Asian Correspondent.