'Security Risk': Can Fitness Trackers Truly Expose Location of Top Secret Bases?

© REUTERS / Ammar AwadUS. army soldiers stand next a military vehicle in the town of Bartella, east of Mosul, Iraq, December 27, 2016
US. army soldiers stand next a military vehicle in the town of Bartella, east of Mosul, Iraq, December 27, 2016 - Sputnik International
The Pentagon is reviewing information that an online map, which shows the location of people using fitness trackers, also displayed sensitive military data, including possible locations of hi-tech force deployments in Iraq, Afghanistan and Syria. Sputnik discussed the issue with Edward Farrell from Mercury Information Security Services.

Sputnik: Here we have this situation that this fitness tracker, that is actually doing some good, is also causing some serious security issues, what can you say about this?

Edward Farrell: In its current form the security issues are relatively benign and the data in its current form is anonymized and at this point we haven't really been able to establish any factors around time, now that being said, data somewhere would exist that would allow us to identify information associated with an individual or you would also be able to associate the fitness actions that are taking place with a particular time. Now if those two data sets were correlated with the information we have which would fall in the realm of possibility that is when in fact there would be a security risk with the information we've seen presented.

Sputnik: The report says that you can determine not just the location of US bases, but the names, hometowns of US servicemen in Iraq, Afghanistan and Syria using the Strava map and other maps on the internet, now that would seem quite embarrassing and perhaps risky to see this kind of data publicly available, you just start to wonder why didn't the US military see this problem ahead of time and circumvent it?

READ MORE: DoD 'Reviewing Situation' After Fitness Trackers Reveal Military Bases Locations

Edward Farrell: […] For the most part the location of these facilities are reasonably well known and as I said before there's actually not been a close association with individual profiles and the data set that was being presented, it's still fairly anonymous, so being able to correlate this with individuals and then correlate their home location is actually in its current form not taking place, but it falls within the realm of possibility. I think is where the concern is going to lie, will this data be associated with individuals or time and events in due cause, I'm not sure with data we've seen so far that will be the case, but it certainly now has been a risk, it's been brought up and thankfully its actually been brought up before it's turned into: ‘Hey we've been able to track a specific individual or a specific event in time and associate it with an individual.’

Sputnik: How much do privacy issues really endanger US servicemen?

Edward Farrell: I would say significantly. We had an event several years ago where a photo was posted on social media that was what we call geotagged, so it actually gave the accurate location of US forces and their equipment and was also disclosed in a timely manner which led to a Taliban attack against a series of helicopters that were at a US base at the time. That was several years ago, which had in fact resulted in the US clamping down on the use of social media in war like situations. I think this has just been a new eventuality that has taken place that hasn't presented a significant risk at this stage, but certainly has the potential to do so. So they are aware of it and I think the Americans and certainly militaries worldwide are starting to learn and appreciate these risks as well.

Sputnik: There's different ways of people to become vulnerable as far as their location and other information, and you mentioned the social media aspect and a lot of social media allows you to check in or to use location information on that social media or its even automatic depending on which social media platform you're using, you have things like games, like the popular games, like Pokemon Go, are these sort of things allowed in the military?

Edward Farrell: I haven't seen any exploration around privacy in Pokemon Go but if we have a look at the United States say social media platforms, as these proliferate we can certainly see them being used by personnel in the US military and indeed leading into possibly inadvertent use in locations where they're not welcomed.

Sputnik: What's the problem with Pokemon Go is that is takes pictures of devices and that information is somewhere online, I'm not sure how secure that information is because it does go back to the platform, you know the game.

Edward Farrell: It does, as I said I haven't done substantial research into Pokemon Go, but I'm aware of a children's app from several years ago that had uploaded information and had not taken appropriate measures to protect that information from unauthorized disclosure. So once again this does fall in the realm of possibility that security measures haven't been taken by the owners of social media platforms to protect the information, and that being said we haven't seen that individual association with the time factor and the data that's being discussed to date for the use with the fitness tracker app but that could certainly as I said fall in the realm of possibility with the current data that we have or certainly other platforms as they're identified and associated with these environments.

The views and opinions expressed by Edward Farrell are those of the speaker and do not necessarily reflect Sputnik’s position.

To participate in the discussion
log in or register
Заголовок открываемого материала