This Week in Security: Strava-stalking, The Undead Spyware Company, and Facebook Gets Into Cybersecurity Policy

Lack of Finesse Over Fitness Tracking

Last weekend, Strava Labs released its global heat map of collected fitness tracking app data, much to the chagrin of the Internet. This data has been proudly collected since 2015, using over 1 billion activities since September 2017, and it draws on quite an awesome set of data collected from fitness devices such as Fitbits. Honestly, it also features some quite impressive big data measurements and statistics.

However, within this massive haystack of information were some very sensitive needles. Strava made sure to sanitize the data to prevent individuals' personal data from being leaked, but the location data was not scrubbed in a way that prevented interesting geolocation data from being discovered. This triggered a huge response from many online analysts, including Nathan Ruser, who was quick to point out that the heat map gave away the potential locations of secret military bases and the patrols of their personnel.

Not only are military personnel at risk; the map provides enough detail for someone to identify and track the jogging or bike paths of individuals based on their locale. This kind of data could easily allow persistent individuals to track people based on their daily habits.

Many are wondering how this data was collected. As it turns out, as in many of these cases, the data your device uses and collects is sent to a third party as well as to the device manufacturer. Strava obtains this third-party information and collects the data as your devices sync back to the Internet. Luckily, for most of these devices, this data sharing can be disabled through the corresponding mobile application or configuration settings.

As more and more devices become connected to the Internet, information such as this will become more readily available to more people. Albeit this information can be great for determining ways for benefiting others (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog