Physical Security Risk from Digital Footprint

Strava Map Exposes The Risk of Digital Footprint from Social Media

Strava, the popular app for tracking running, cycling and swimming, exposes a national security risk.

Strava’s heatmap of user activity has been found to unearth the locations of U.S. military bases worldwide. The Strava story illustrates how your organization’s digital footprint is getting larger every day and how digital risk is hyper-accelerating.

Location, Staffing Levels and Primary Traffic Patterns Exposed

A public release of Strava’s data visualization map shows all the activity tracked by users of its app. The map, released in November 2017, claims to show every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points. Sensitive information about the location, staffing levels and primary traffic patterns of practically any physical site in the world is clearly discoverable. This immediately illuminates how personal Internet of Things (IoT) devices can increase your organization’s digital risk through a third party.

Social Media Exposes an OPSEC Vulnerability

However, the risk doesn’t stop there. Strava is a “social” fitness app. According to Strava, you can “Track your rides and runs via your iPhone, Android or GPS device, analyze your performance, and compare with friends.” In our review of this application, we found that end users routinely link their Twitter, Instagram or Facebook profile to a Strava profile that is publicly accessible.

This creates a gateway for data collected by the Strava app to make its way into social media channels and for Strava end users to be discovered through mining social media. With context-rich information in hand from social media and Strava profile information, nefarious actors can establish a “pattern of life” on a target. Bad actors will exploit this information to increase the likelihood of success of an attack targeting the cyber security or physical security of an organization or individual.

There is a growing demand for gadgets like Strava that bring value to us in different ways. As the Internet of Things (IoT) becomes more connected, it is becoming increasingly difficult for even the most OPSEC-oriented organizations to detect, analyze and mitigate all the opportunities being created for bad actors to exploit.

Understanding digital footprint isn’t just a cyber security problem anymore. To mitigate physical security risk to your organization, your physical security program needs to incorporate situational awareness of digital footprint and exposures. Digital footprint mapping applies to mission OPSEC, force protection, executive protection and general physical security. Learn how to reduce your attack surface with DigitalStakeout.