Exposing a Global Security Flaw in Strava’s Heat Map




Little did Nathan Ruser realize that his Twitter post about the possibility of Strava’s heat map revealing the location of military sites in Syria and elsewhere could raise such a ruckus, according to Isabella Kwai of the New York Times.

But his post did boomerang across the Internet, gaining the attention of security experts, who said rogue elements could gather valuable intelligence from Strava’s heat map.

Ruser himself was surprised at the reception given to his post, adding that nobody could have thought that global cybersecurity could be compromised by a Fitbit.

The 20-year-old student of international security at Australian National University in Canberra admitted that he is not a Strava user, but he religiously follows the conflict in Syria and uses maps to understand news stories better.

He said that when he looked Syria up on Strava’s heat map, it just lit up with the US bases. The heat map collects location data from millions of users, including military personnel who share their exercise activity on the Strava exercise app. As many as 1 billion exercise activities, including running and cycling routes, are collected from persons wearing Fitbits or other wearable fitness trackers.

Ruser, a native of Sydney, Australia, plans to study for a semester in Myanmar before he graduates in 2019. He has written a very lengthy essay about the pro-government militia in Myanmar, and plans to send it to Bellingcat (a citizen journalism website) when he’s finished with it.

Ruser hopes that the Australian intelligence community will see his exposé as a positive contribution, stating that he is not interested in becoming another Manning, Snowden or Assange.

Before posting his tweet, Ruser consulted a private chat group on Twitter which focuses on intelligence and security issues.

John Blaxland, one of Ruser’s professors, praised his former student, saying Ruser had taken it to heart and gone on his own. Blaxland added that Ruser did well in his class.

Danielle Cave, a senior analyst at the Australian Strategic Policy Institute, said that Twitter is playing an increasingly big role in open-source intelligence.