Wednesday, 26 September 2018
Latest news
Main » Polar fitness app exposed location of soldiers and government agents

Polar fitness app exposed location of soldiers and government agents

11 July 2018

Using the Polar fitness app, investigators were able to find the homes of soldiers and secret agents. It added that there had been no breach of private data and that it is now "analyzing the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing Global Positioning System files of sensitive locations".

Now, according to Foeke Postma of Bellingcat, it seems that Polar - fellow fitness company and maker of the first wireless heart rate monitor for athletes - is revealing similarly sensitive data an an even more unsafe and accessible way.

As per reports by Bellingcat and De Correspondent, Polar's Explore tab had major shortcomings, one of them being public access to user location markings in any place across the globe. I also suggest not connecting your fitness tracker to any of your social media accounts on sites like Facebook and Twitter - as we know, those can also already collect a whole mess of data on their own.

The Explore component of Polar Flow was meant to show anonymous data on its users and their activities around the globe, displaying it in a similar fashion to the activity map that was responsible for Strava's woes earlier in the year.

"As people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map", Bellingcat wrote. But while Strava's information was only accessible via a user's profile page, Polar allowed you to select an interesting site, pick one of the profiles exercising there, and get a full workout history (going back to 2014) of that person. "We also learned the names and addresses of personnel at nuclear storage facilities, maximum security prisons, military airports where nuclear weapons are stored, and drone bases", the De Correspondent reporters noted. Polar showed his runs in several military bases spread throughout the Middle East, as well as the start and finish of dozens of exercises from a house in NY state.

The researchers shared their research with national defense departments around the world, intelligence agencies, Polar and other app makers.

Polar ultimately made a decision to disable the map on its website, preventing others from recreating this research.

The company said users can opt out of having their profiles shared with the public.

The researchers noted that it's harder to identify people and find their home addresses via the other apps, but that they managed to do it.

The investigation draws parallels with the Strava fitness app, which in January of this year was shown to reveal sensitive locations around the world.

"As always, check your app-permissions, try to anonymize your online presence, and, if you still insist on tracking your activities, start and end sessions in a public space, not at your front door". Even if all hoops had been jumped, data like names, locations and photos remain publicly available, and it is still possible to retrieve a user's ID and establish that different exercise sessions belonged to the same user.

Polar fitness app exposed location of soldiers and government agents