U.S. service members have again been put at risk by a GPS-enabled fitness app that published a trove of mapping data and personal information on troops, according to a report.
The Polar app allows users to track movements of troops and other U.S. personnel on secretive sites, identify their homes and see their movements around the globe going back to 2014, a joint investigation between Bellingcat and the Dutch journalism site De Correspondent found.
The company said it has temporarily suspended the feature due to the concerns. That comes just months after another app, Strava, prompted the Pentagon to review the use of GPS social networks because it revealed information about the workings of military sites.
“Compared to the similar services of Garmin and Strava, Polar publicizes more data per user in a more accessible way, with potentially disastrous results,” according to the Bellingcat report.
In conjunction with @decorrespondent and Bellingcat, @FoekePostma uncovered how the Polar fitness app has similar vulnerabilities as Strava, revealing sensitive information. https://t.co/Jq7vOTVVfT
— Bellingcat (@bellingcat) July 8, 2018
That data can be used to track the lives and identify the homes of personnel at U.S. intelligence agencies, military bases, nuclear weapons storage sites, and embassies.
Users can search for exercises performed at a particular military base and then find an attached profile, Bellingcat reported. All of a particular user’s exercise sessions can be viewed on a single global map going back to 2014.
“As people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map. Users often use their full names in their profiles, accompanied by a profile picture,” according to the site.
Military personnel have been advised to limit public profiles on social media, Pentagon spokesperson Maj. Audricia Harris said in a statement to the Washington Examiner.
“We are aware of the potential impacts of devices that collect and report personal and locational data,” Harris said. “Recent data releases emphasize the need for situational awareness when members of the military share personal information.”
Polar said it was aware that potentially sensitive locations are appearing in public and made the decision to temporarily suspend its Explore API feature, which it says is used by athletes around the world to share workout accomplishments.
“We are analyzing the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing GPS files of sensitive locations,” the company said in a statement.
It said the vast majority of its customers use private profiles, keep their exercise sessions private and are not affected.
