Fitness-Monitoring App Strava Used to Snoop On Israeli Soldiers

Agencies use the Strava fitness-tracking application to keep a watch over the Israeli army. They track their actions, secret locations across the country and watch their every movement.

Now an Israeli open source operation titled ‘Fake Reporter’ stated that the identified surveillance campaign was used to collect the data set of 100 individuals who were in the secret military bases.

The renowned Strava application permits fitness enthusiasts in defining the segments or portions of the road along with the trail where the athletes can compare their timings. The segments are either directly created by the Strava app or by uploading the GPS data from multiple services.

ALSO READ: Google Warned Against Italian Spyware That Can Hack iPhone & Android Smartphones

However, Strava has no information whether the GPS data uploaded to its service is legal or if a segment developed using that information is legitimate.

Alarm bells went ringing after a particular collection of such allegedly manufactured parts were posted on internet by a user who claimed to be in Boston, Massachusetts but was infiltrating Israeli military installations, intelligence agency outposts, and ostensibly secure bases linked to Israel’s nuclear program.

ALSO READ: Spy App Exposes Data Including Pictures From Users’ Phones

‘Fake Reporter’ claimed through a series of tweets that an individuals’ personal information, including information about their family members, coworkers, home locations, and history of international travel, was disclosed while they were working in classified facilities.

‘Fake Reporter’ contends that as a result, persons operating covertly might be discovered, endangering the safety of Israel.

According to Achiya Schatz, executive director of Fake Reporter, “hostile elements have taken an alarming step closer to exploiting a popular app to harm the security of citizens and countries alike by exploiting the ability to upload engineered files, revealing the details of users anywhere in the world”.

Unsettlingly, the spying method can get through some of Strava’s privacy protections.

ALSO READ: Sextortion Campaign: Hackers Demand Money From Victims Or Else Leak ‘Private Moments Captured By Pegasus Spyware’

For instance, while Strava users have the option to enable their profiles to be available to “approved followers only,” individual runs must be manually guarded to prevent the display of a user’s profile image, first name, and initial on segments to motivate other users to compete.

One user, for example, tracked their participation in a publicly reported race, which they won, as well as running in secure military facilities. With enough segments dispersed across the map, individuals can still be identified.

ALSO READ: Pegasus: Here Is All You Need To Know About The Ultimate Israeli Spyware

For its part, Strava claims to take user privacy “extremely seriously” and gives users the freedom to choose their privacy settings.

According to the business, “We urge that all athletes take the time to ensure that their options in Strava reflect their desired experience.”

Earlier in 2018, Australian researcher Nathan Ruser had reported that a new Strava heat map feature was accidentally disclosing the movement patterns of security forces as they ran and patrolled military locations throughout the world.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube