Date: 2022-06-25

Strava is an application for monitoring sports and physical activity… and, it turns out, for spying on armies. Someone whose identity is not yet known has been using the application to spy on members of the Israeli army, following their movements in secret bases across the country and potentially watching them as they travel the world on official business.





Thanks to Strava’s geolocation tools, a user exercising on a top-secret base could be tracked at other military bases and from a foreign country. This serious case of espionage was discovered by the Israeli open source intelligence group FakeReporter.

The group’s executive director, Achiya Schatz, said: “We contacted the Israeli security forces as soon as we became aware of this security breach. After receiving approval from the security forces to proceed, FakeReporter got in touch with Strava, and they formed a top notch team to address the problem.”

What is worrying about the case is that this is not the first time Strava has become an ally of military espionage. When it happened in the past, the company decided to simplify the way users can change privacy settings.

How could espionage be carried out?

Strava is a social network for athletes that uses GPS location to keep track of their physical activity. It is based in San Francisco. One of its distinctive features is that a segment of a route can be ranked, with a leaderboard of the athletes who covered the same segment. Users themselves can create a segment from a recorded route.

The tools are thus designed to allow anyone to define and compete on “segments”. Users can define a segment after uploading it from the Strava app, but they can also upload GPS recordings from other products or services. The spies planted fake running “segments” located inside military bases, and that was how they were able to keep an eye on the people exercising on those bases.

Serious security flaws





The serious thing is that the application has made the same mistake before: in 2018 a new Strava feature published a visualization of all activity on the platform all over the world. The map showed popular running, biking, and swimming routes. But it also showed routes that were less public: the location and layout of multiple military bases in Helmand province (Afghanistan) could be seen clearly, as could a popular outdoor swimming spot next to RAF Mount Pleasant in the Falkland Islands. The app has also leaked personal data from its users.

The problem with segments that people upload is that Strava has no way of monitoring whether those GPS uploads are legitimate, and it allows anyone to define a segment by uploading it, even if they have never been to the place they are following. What is now known is that an anonymous user, whose location was “Boston, Massachusetts”, had created a series of fake segments in a series of Israeli military establishments. Obviously, not everyone can access these places to play sports. But the military personnel themselves can.
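The missing control described above can be sketched as a server-side screen that holds an uploaded segment for review before it gets a public leaderboard. This is an added example, not Strava's code: the function names, the 12 m/s speed threshold, the restricted-area polygon and the sample tracks are all constructed assumptions.

```python
import math

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def in_polygon(pt, poly):
    """Ray-casting point-in-polygon test; poly is a list of (lat, lon) vertices."""
    lat, lon = pt
    inside = False
    for (lat1, lon1), (lat2, lon2) in zip(poly, poly[1:] + poly[:1]):
        if (lon1 > lon) != (lon2 > lon):  # edge straddles the point's longitude
            cross = lat1 + (lon - lon1) * (lat2 - lat1) / (lon2 - lon1)
            if lat < cross:
                inside = not inside
    return inside

def screen_segment(track, restricted, max_speed_mps=12.0):
    """track: list of (lat, lon, unix_ts). Returns reasons to hold the segment."""
    reasons = []
    for name, poly in restricted.items():
        if any(in_polygon((lat, lon), poly) for lat, lon, _ in track):
            reasons.append(f"inside restricted area: {name}")
    for (la1, lo1, t1), (la2, lo2, t2) in zip(track, track[1:]):
        dt = t2 - t1
        # Non-increasing timestamps or faster-than-human speed suggest an edited file.
        if dt <= 0 or haversine_m((la1, lo1), (la2, lo2)) / dt > max_speed_mps:
            reasons.append("implausible timing or speed")
            break
    return reasons

# Constructed sample data: coordinates are arbitrary, not real sites.
RESTRICTED = {"example-zone": [(10.000, 20.000), (10.000, 20.010),
                               (10.010, 20.010), (10.010, 20.000)]}
PARK_RUN = [(10.0200, 20.0200, 0), (10.0203, 20.0200, 10), (10.0206, 20.0200, 20)]
ZONE_UPLOAD = [(10.0050, 20.0050, 0), (10.0050, 20.0060, 1), (10.0050, 20.0070, 2)]
ZONE_JOG = [(10.0050, 20.0050, 0), (10.0053, 20.0050, 10)]

if __name__ == "__main__":
    for label, trk in [("park", PARK_RUN), ("zone", ZONE_UPLOAD), ("jog", ZONE_JOG)]:
        print(label, screen_segment(trk, RESTRICTED))
```

The geofence check does not depend on the speed check, because a recording with realistic pacing passes the plausibility test and is still held when it lies inside a listed area.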