Fitness App Polar Exposed Locations of Spies and Military Personnel (zdnet.com) 29

Posted by msmash on Sunday July 08, 2018 @12:11PM from the privacy-woes dept.

An anonymous reader writes: A popular fitness app that tracks the activity data on millions of users has inadvertently revealed the locations of personnel working at military bases and intelligence services. The app, Polar Flow, built by its eponymous company Polar, a Finnish-based fitness tracking giant with offices in New York, allowed anyone to access a user's fitness activities over several years -- simply by modifying the browser's web address. Although the existence of many government installations are widely known, the identities of their employees were not.

Not only was it possible to see exactly where a user had exercised, it was easy to pinpoint exactly where a user lived, if they started or stopped their fitness tracking as soon as they left their house. Because there were no limits on how many requests the reporters could make, coupled with easily enumerable user ID numbers, it was possible for anyone -- including malicious actors or foreign intelligence services -- to scrape the fitness activity data on millions of users. But they also found they could trick the API into retrieving fitness tracking data on private profiles.

Fitness App Polar Exposed Locations of Spies and Military Personnel

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 29 Comments Log In/Create an Account

Comments Filter:

- Re: (Score:2)
  
  by AHuxley ( 892839 ) writes:
  
  Re 'And why isn't telling them to not do that part of the basic training?"
  NSA and GCHQ cant set security conditions anymore. Contractors and staff have to be free to enjoy their electronic devices on any mission so they don't get upset.
  Contractors and mil staff who get upset have a list of grievances.
  Staff walk around and need a friend to talk to about the bad working conditions.
  Other nations spies are only to happy to become friends and listen.
  
  To stop that emotional build up of unhappiness contracto
- Re: Nothing "inadvertent" about it (Score:1)
  
  by Anonymous Coward writes:
  
  The only thing stupid was trusting s fitness company to have pay attention to keeping private profile information ptivate.
  I agree, those who need to keep their locations secure should probably rethink any app or device that records activity. But, I also think the headline is a bit sensational.
  But to bring the risk into focus for people in general. This kind of app could also let people know when your house may be empty by showing your workout routine.
Old news on /. (Score:5, Informative)

by schwit1 ( 797399 ) writes: on Sunday July 08, 2018 @03:19PM (#56912906)

https://yro.slashdot.org/story... [slashdot.org]
https://tech.slashdot.org/stor... [slashdot.org]

- - Re: (Score:2)
    
    by AHuxley ( 892839 ) writes:
    
    Data sets just keep on giving. Contractors everywhere are always online.
    Typewriter and gym with 1980's wrist watch that only tells time is looking like a very advanced security policy.
- Re: (Score:3)
  
  by CaseCrash ( 1120869 ) writes:
  
  Thank you, my first thought was "Didn't this happen months ago?" I guess this is another company and no one learned their lesson last time :P
  - Re: (Score:2, Informative)
    
    by Anonymous Coward writes:
    
    There's a significant difference. With Strava, the problem was that people were publishing data as public when they should not have been. This time, users have learned to mark private data as private, but it's getting leaked anyway.
Darwin. (Score:2)

by Gravis Zero ( 934156 ) writes:

I think this nicely illustrates what "survival of the fittest" really means. ;)
Nike+ web site no longer accessible - coincidence? (Score:2)

by haus ( 129916 ) writes:

If memory serves, about the time frame that this news story first broke, Nike seemed to have taken down their website that had allowed users to take a look at their activity. I wonder if they were worried that they might have a similar problem.
French spies already went there (Score:2)

by manu0601 ( 2221348 ) writes:

French DGSE [wikipedia.org] agency personal were already bitten by this kind of feature [www.rtl.fr].
Even is the data is not public,it can be hacked. It looks very unprofessional for spies and military to fall in this trap, especially given that there was a precedent.
- Re: (Score:2)
  
  by AHuxley ( 892839 ) writes:
  
  But think of the need for the contractors to relax after a long days government work.
  If they don't relax they might get tempted away from the base and talk to waiting Russian spies about the working conditions and low pay.
- Re: (Score:2)
  
  by tehcyder ( 746570 ) writes:
  
  I thought people working for them had to be intelligent. Apparently, I was wrong.
  Should have used the stock "military intelligence is an oxymoron" gag instead to save time.
Uhm...news? (Score:2)

by ( 4475953 ) writes:

I've read this "news" a few months ago... or maybe a year ago.
Ha Ha (Score:1)

by maxbuzz ( 1535157 ) writes:

Spooks got played.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Fitness App Polar Exposed Locations of Spies and Military Personnel (zdnet.com) 29

Fitness App Polar Exposed Locations of Spies and Military Personnel More Login

Fitness App Polar Exposed Locations of Spies and Military Personnel

Re: (Score:2)

Re: Nothing "inadvertent" about it (Score:1)

Old news on /. (Score:5, Informative)

Re: (Score:2)

Re: (Score:3)

Re: (Score:2, Informative)

Darwin. (Score:2)

Nike+ web site no longer accessible - coincidence? (Score:2)

French spies already went there (Score:2)

Re: (Score:2)

Re: (Score:2)

Uhm...news? (Score:2)

Ha Ha (Score:1)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot