20 Year-Old Student reveals Global Security Flaw
On Sunday, Nathan Ruser, a 20-year-old Australian student at Australian National University, found a new security flaw in global military outposts through the fitness app Strava. The app, used by military personnel and the intelligence community, has a “heat map” which shows the GPS locations of users worldwide. Ruser pointed out that the map can reveal activities of soldiers, as well as the locations of secret military bases.
The “heat map” was released by Strava in November 2017. This map alone does not show a precise location of users, and it would be difficult to spot the exact addresses of secret bases. However, any viewer can trace the activity lines of soldiers and officials on the map, which outlines an outpost. The satellite images are outdated, but with other reports, it is possible to spot such hidden locations.
Commercial maps, such as the Google Map and the Apple’s map do not show outposts that are concealed to the public. However, the “regular jogging route” of training soldiers on Strava can reveal approximate locations of these outposts.
While Ruser had tweeted that “US Bases are clearly identifiable and mappable,” due to “13 trillion GPS points from their users,” journalists and analysts worldwide have discovered more information than he had initially intended. A geometric shape in Djibouti suggests that there is a military base staffed with Strava users, who would likely be Western soldiers. The Guardian noted, “in locations like Afghanistan, Djibouti, and Syria, the users of Strava seem to be almost exclusively foreign military personnel, meaning that bases stand out brightly.”
The New York Times further reported that inside some compounds, officials are not allowed to bring their smartphones or fitbits, pointing out the absence of activities recorded by Strava in buildings like National Security Agency.
Many of the military constructions outlined in the Strava “heat map” were already publicly known. However, there were locations apparently new to security experts. Various online users have posted suspected locations of military bases on social media, and US and others are fighting against terrorist organizations in these countries.
In addition to GPS locations, Strava allows users to share photos of their workout locations. The Pentagon has distributed fitbits to military personnel, and the app is widely used by the community.
Ruser’s interest in the Syrian conflict was what ultimately led to the discovery. As a double major in International Security and Middle Eastern Studies and an analyst at the Institute of United Conflict Analysts, he tweeted with the intention of pointing out the security flaw to entities such as the U.S. government. “I expected it to languish in wonk circles and open source circles until the US government quietly fixed the problem, but instead it seems to have blown a lot more than I would have thought,” said Ruser in the Sydney Morning Herald.
Ruser currently has no plans “to be a Manning, or a Snowden, or an Assange,” but views his tweet as a contribution that will lead to better security of military worldwide. The Pentagon said it would review the situation as developments unfold.