Fitness App Polar Exposed Locations of Spies and Military Personnel (zdnet.com) 29
An anonymous reader writes: A popular fitness app that tracks the activity data on millions of users has inadvertently revealed the locations of personnel working at military bases and intelligence services. The app, Polar Flow, built by its eponymous company Polar, a Finnish-based fitness tracking giant with offices in New York, allowed anyone to access a user's fitness activities over several years -- simply by modifying the browser's web address. Although the existence of many government installations are widely known, the identities of their employees were not.
Not only was it possible to see exactly where a user had exercised, it was easy to pinpoint exactly where a user lived, if they started or stopped their fitness tracking as soon as they left their house. Because there were no limits on how many requests the reporters could make, coupled with easily enumerable user ID numbers, it was possible for anyone -- including malicious actors or foreign intelligence services -- to scrape the fitness activity data on millions of users. But they also found they could trick the API into retrieving fitness tracking data on private profiles.
Not only was it possible to see exactly where a user had exercised, it was easy to pinpoint exactly where a user lived, if they started or stopped their fitness tracking as soon as they left their house. Because there were no limits on how many requests the reporters could make, coupled with easily enumerable user ID numbers, it was possible for anyone -- including malicious actors or foreign intelligence services -- to scrape the fitness activity data on millions of users. But they also found they could trick the API into retrieving fitness tracking data on private profiles.
Re: (Score:2)
NSA and GCHQ cant set security conditions anymore. Contractors and staff have to be free to enjoy their electronic devices on any mission so they don't get upset.
Contractors and mil staff who get upset have a list of grievances.
Staff walk around and need a friend to talk to about the bad working conditions.
Other nations spies are only to happy to become friends and listen.
To stop that emotional build up of unhappiness contracto
Re: Nothing "inadvertent" about it (Score:1)
The only thing stupid was trusting s fitness company to have pay attention to keeping private profile information ptivate.
I agree, those who need to keep their locations secure should probably rethink any app or device that records activity. But, I also think the headline is a bit sensational.
But to bring the risk into focus for people in general. This kind of app could also let people know when your house may be empty by showing your workout routine.
Old news on /. (Score:5, Informative)
https://yro.slashdot.org/story... [slashdot.org]
https://tech.slashdot.org/stor... [slashdot.org]
Re: (Score:2)
Typewriter and gym with 1980's wrist watch that only tells time is looking like a very advanced security policy.
Re: (Score:3)
Re: (Score:2, Informative)
There's a significant difference. With Strava, the problem was that people were publishing data as public when they should not have been. This time, users have learned to mark private data as private, but it's getting leaked anyway.
Darwin. (Score:2)
I think this nicely illustrates what "survival of the fittest" really means. ;)
Nike+ web site no longer accessible - coincidence? (Score:2)
If memory serves, about the time frame that this news story first broke, Nike seemed to have taken down their website that had allowed users to take a look at their activity. I wonder if they were worried that they might have a similar problem.
French spies already went there (Score:2)
French DGSE [wikipedia.org] agency personal were already bitten by this kind of feature [www.rtl.fr].
Even is the data is not public,it can be hacked. It looks very unprofessional for spies and military to fall in this trap, especially given that there was a precedent.
Re: (Score:2)
If they don't relax they might get tempted away from the base and talk to waiting Russian spies about the working conditions and low pay.
Re: (Score:2)
I thought people working for them had to be intelligent. Apparently, I was wrong.
Should have used the stock "military intelligence is an oxymoron" gag instead to save time.
Uhm...news? (Score:2)
I've read this "news" a few months ago... or maybe a year ago.
Ha Ha (Score:1)
Spooks got played.