Strava Map Exposes The Risk of Digital Footprint from Social Media
Strava’s heatmap of user activity has been found to reveal the locations of U.S. military bases worldwide. The Strava story illustrates how your organization’s digital footprint is getting larger every day and how digital risk is hyper-accelerating.
Location, Staffing Levels and Primary Traffic Patterns Exposed
A public release of Strava’s data visualization map shows all the activity tracked by users of its app. The map, released in November 2017, claims to show every single activity ever uploaded to Strava, more than 3 trillion individual GPS data points. Sensitive information about the location, staffing levels and primary traffic patterns of practically any physical site in the world is clearly discoverable. This shows how personal Internet of Things (IoT) devices can increase digital risk to your organization through a third party.
Social Media Exposes an OPSEC Vulnerability
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq
— Nathan Ruser (@Nrg8000) January 27, 2018
However, the risk doesn’t stop there. Strava is a “social” fitness app. According to Strava, the app lets you “Track your rides and runs via your iPhone, Android or GPS device, analyze your performance, and compare with friends.” In our review of this application, end-users routinely link their Twitter, Instagram or Facebook profile to their publicly accessible Strava profile.
This creates a gateway for data collected by the Strava app to make its way into social media channels, and for Strava end-users to be discovered through mining social media. With context-rich information in hand from social media and Strava profile information, nefarious actors can establish a “pattern of life” on a target. Bad actors will exploit this information to increase the likelihood of success of an attack targeting the cyber security or physical security of an organization or individual.
There is a growing demand for gadgets like Strava that bring value to us in different ways. As the Internet of Things (IoT) becomes more connected, it is evident that it is becoming increasingly difficult for even the most OPSEC-oriented organizations to detect, analyze and mitigate all the opportunities being created for bad actors to exploit.
Understanding digital footprint isn’t just a cyber security problem anymore. To mitigate physical security risk to your organization, your physical security program needs to incorporate situational awareness of digital footprint and exposures. Digital footprint mapping applies to mission OPSEC, force protection, executive protection and general physical security. Learn how to reduce your attack surface with DigitalStakeout.