Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Privacy

Fitness App Polar Exposed Locations of Spies and Military Personnel (zdnet.com) 29

An anonymous reader writes: A popular fitness app that tracks the activity data on millions of users has inadvertently revealed the locations of personnel working at military bases and intelligence services. The app, Polar Flow, built by its eponymous company Polar, a Finnish-based fitness tracking giant with offices in New York, allowed anyone to access a user's fitness activities over several years -- simply by modifying the browser's web address. Although the existence of many government installations are widely known, the identities of their employees were not.

Not only was it possible to see exactly where a user had exercised, it was easy to pinpoint exactly where a user lived, if they started or stopped their fitness tracking as soon as they left their house. Because there were no limits on how many requests the reporters could make, coupled with easily enumerable user ID numbers, it was possible for anyone -- including malicious actors or foreign intelligence services -- to scrape the fitness activity data on millions of users. But they also found they could trick the API into retrieving fitness tracking data on private profiles.

This discussion has been archived. No new comments can be posted.

Fitness App Polar Exposed Locations of Spies and Military Personnel

Comments Filter:
  • Old news on /. (Score:5, Informative)

    by schwit1 ( 797399 ) on Sunday July 08, 2018 @03:19PM (#56912906)
    • Thank you, my first thought was "Didn't this happen months ago?" I guess this is another company and no one learned their lesson last time :P
      • Re: (Score:2, Informative)

        by Anonymous Coward

        There's a significant difference. With Strava, the problem was that people were publishing data as public when they should not have been. This time, users have learned to mark private data as private, but it's getting leaked anyway.

  • I think this nicely illustrates what "survival of the fittest" really means. ;)

  • If memory serves, about the time frame that this news story first broke, Nike seemed to have taken down their website that had allowed users to take a look at their activity. I wonder if they were worried that they might have a similar problem.

  • French DGSE [wikipedia.org] agency personal were already bitten by this kind of feature [www.rtl.fr].

    Even is the data is not public,it can be hacked. It looks very unprofessional for spies and military to fall in this trap, especially given that there was a precedent.

    • by AHuxley ( 892839 )
      But think of the need for the contractors to relax after a long days government work.
      If they don't relax they might get tempted away from the base and talk to waiting Russian spies about the working conditions and low pay.
  • I've read this "news" a few months ago... or maybe a year ago.

  • Spooks got played.

No spitting on the Bus! Thank you, The Mgt.

Working...