This completely crazy story is all over Twitter now. It all starts with 3 simple words: Fitbit, GPS and Strava

in security •  7 years ago  (edited)

To understand the whole story and its implications, let's first summarize what is behind these 3 words.

1. What is Fitbit

Fitbit is a brand of fitness tracker used to monitor and record various physical activities. It comes in various forms, from clips, bracelets and watches to earphones. It uses GPS technology to receive a precise location and calculate movement. It can also share some of its data online.

2. What is GPS

You probably know this one already. The acronym GPS stands for Global Positioning System, a satellite-based navigation system consisting of a network of 24 orbiting satellites. This navigation system can calculate any position on the planet with an accuracy of <1m. GPS is used in many consumer and governmental devices, from your phone and car to airliners.


3. What is STRAVA

Strava is a mobile app and website to enhance the experience of sport and connect millions of athletes from around the world. Apart from its standard functionality, Strava collects some user-generated data from the Fitbit network to interconnect users and help create detailed analysis.


The Story begins

One day the Strava laboratory decided that it could be interesting to visualize the huge amount of user-generated data from the Fitbit network and, after applying various filtering and correcting procedures, correlate it with real maps to create a Global Heatmap of human activities.

Their global heat-map is the largest, richest, and most beautiful dataset of its kind. It is a direct visualization of Strava’s global network of athletes.

Data they used

  • 1 billion activities
  • 3 trillion latitude/longitude points
  • 13 trillion pixels rasterized
  • 10 terabytes of raw input data
  • A total distance of 27 billion km (17 billion miles)
  • A total recorded activity duration of 200 thousand years
  • 5% of all land on Earth covered by tiles

Track & Analyze

On November 1, 2017, Strava Labs announced public access to their database. People all over the world started scouting the maps for popular running routes, evaluating fitness activity in their neighborhoods, looking for patterns in urban areas or simply enjoying the beauty of the resulting heat-map.

What can go wrong?

The whole issue with #Strava started when a couple of users started reporting that this database was also showing data which should probably stay hidden. Not in the sense that Strava Labs did something wrong or that the Fitbit system was sending more data than it should; they both did exactly what they were supposed to do.

The problem came from the users of such activity trackers.


Now I leave you with examples of what the heat-map accidentally exposed and how severe some of the security implications can be.
If you find any interesting ones, please comment.

Examples (all images are from Twitter, with their original comments):









You can check the Strava heat-map yourself on this website: Strava Heatmap. If you find something interesting, share it with us.

 Did you find this article informative, interesting or missing something?  
