Polar’s popular fitness app inadvertently revealed military personnel’s addresses

Not good


Just six months after competing fitness tracking company Strava came under fire for revealing the location of U.S. military bases, Finnish wearable company Polar has experienced similar privacy concerns and has suspended its "Explore" service as a result.

It's not all that long since fitness app Strava caused something of a security nightmare by inadvertently revealing the locations of numerous secret military bases.

The vulnerability, which allowed virtually anyone to identify individuals working at top-secret locations, such as military bases overseas, by sifting through the exercise regimens of people in that area, was jointly reported by Bellingcat and the Netherlands' De Correspondent.

"With only a few clicks, a high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning," Postma said.

Those exposed include U.S. troops in Iraq, Syria and Guantanamo Bay; those deployed to the demilitarized zone separating the two Koreas; staffers at the Federal Bureau of Investigation and NSA; military intelligence and cyber security specialists; and many others stationed at bases in Africa, South Asia and the Middle East.

This isn't the first time a tracking app has come under fire for potentially revealing military bases and staff routines.

Being able to identify, through the Polar site, service personnel who are often not in uniform so as not to attract terrorist attention and potential attacks poses grave risks, Postma warned. Fitness trackers are now common everyday devices, but the software they use and the data they share are revealing some of the most secretive locations in the world, as well as detailed profiles of the people who work there.

Postma noted that even when users tighten privacy controls for sharing their exercise routines with others, the Polar website still leaks a considerable amount of data.

By showing all of an individual's sessions combined onto a single map, Polar is revealing not only the heart rates, routes, dates, time, duration, and pace of exercises carried out by individuals at military sites, but also the same information from what are likely their homes.

Making your data really private on Polar Flow used to require a number of non-obvious steps, which most users apparently either didn't know about or didn't bother with.

The Explore component of Polar Flow was meant to show anonymous data on its users and their activities around the globe, displaying it in a similar fashion to the activity map that was responsible for Strava's woes earlier in the year.

Polar has since suspended its "Explore" map and stated that there was no data breach, as the data obtained came from public and not private profiles.
