Polar's fitness app exposed its users' sensitive location details

Running data from the popular Polar Flow app could show sensitive military details

Running data from the popular Polar Flow app could show sensitive military details

The vulnerability that allowed virtually anyone to identify individuals working at top-secret locations, such as military bases overseas, by sifting through exercise regimens of people in that area, has been jointly reported by Bellingcat and the Netherlands' De Correspondent.

An investigation by a group of Dutch journalists found that the app Polar Flow made joggers' runs public on an online map accessible for all users.

Just six months after competing fitness tracking company Strava came under fire for revealing the location of United States military bases, Finnish wearable company Polar has experienced similar privacy concerns and has suspended its "Explore" service as a result.

A study by the three news organisations determined that it is possible to use Polar's Flow app to track down the home addresses of military and intelligence personnel.

In all, the investigation was able to identify almost 6,500 people across 69 countries at locations including NSA, the White House, MI6 and Guantanamo Bay.

Croatia ends Russia's run, advances to World Cup semifinals
But if the rest of his team-mates don't pick up their performances, it may end up being inconsequential what he does. Captain Luka Modric is expected to partner Ivan Rakitic in the midfield, while Mandzukic will lead the attack line.

This could be done by looking at past routes on a single map, which may seem harmless enough, however Bellingcat claims that "Polar is not only revealing the heart rates, routes, dates, time, duration and pace of exercises" but "a$3 s people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map". The security concerns arose from the fact that anyone could use the map to find sensitive installations and see if any users' workouts end at these locations.

The investigation found the names and addresses of personnel from multiple intelligence agencies including the NSA, US Secret Services and MI6.

Polar has issued a statement addressing the security loophole, clarifying that there has been no leak or breach of private data, and has apologized for the suspension of its Explore feature.

"We are analyzing the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing Global Positioning System files of sensitive locations", Polar said in the statement. Now the vast majority of Polar customers maintain the default private profiles and private sessions data settings and are not affected in any way by this case.

Making your data really private on Polar Flow used to require a number of non-obvious steps, which most users apparently either didn't know about or didn't bother with. However, the researchers discovered a flaw in the app that could be exploited to get information from users who had their profile set to private.

Noticias recomendadas

Nos complace brindar esta oportunidad para compartir información, experiencias y observaciones sobre lo que está en las noticias.
Algunos de los comentarios se pueden reimprimir en otras partes del sitio o en el periódico.
Gracias por tomarse el tiempo para ofrecer sus pensamientos.