Thursday, 20 September, 2018

Fitness Tracker Polar Gives away Identities, Locations of Military, Intelligence Worldwide

Fitness tracker Polar gives away identities & locations of military intelligence worldwide U.S. army officers west of Mosul Iraq
Gustavo Carr | 11 July, 2018, 12:39

Polar is the manufacturer of such popular running watches like the Polar M200 and M400, as well as fitness-oriented smartwatches like the Polar M430 and M600, while its Polar Flow app is used to organize and view user data.

It allows users to track their fitness and sleep activity, analyze their progress, set fitness targets and get guidance, and connect with other fitness enthusiasts.

"Fitness devices and apps are just one more area where people need to be aware of what kind of data they are sharing, particularly as they strongly rely on sensitive data such as location and health-metrics", Postma concluded.

A big part of the problem appears to be that Polar allows users to view all the exercises of a particular individual if that person made a decision to share them publicly to Polar Flow's Explore map.

It's not all that long since fitness app Strava caused something of a security nightmare by inadvertently revealing the locations of numerous secret military bases.

As per a couple of reports last week, Polar's fitness tracking app seems to have given away location and personal information of users residing or working in confidential locations including secret military bases, intelligence agencies, law and order agencies, on submarines, and at nuclear power plants.

‘Hooyah! Mission accomplished’ greets Thai boys rescued from cave
A message posted on the English Premier League club's Twitter account said: "Our thoughts and prayers are with those affected". They received a treat on Tuesday: bread with chocolate spread that they had requested.

"By showing all the sessions of an individual combined onto a single map, Polar is not only revealing the heart rates, routes, dates, time, duration, and pace of exercises carried out by individuals at military sites, but also revealing the same information from what are likely their homes as well", explained Bellingcat. Now, investigative site Bellingcat has released an article stating that the Polar fitness tracker is an even worse security risk.

Sensitive information on Polar's Explore global activity map is revealed by locating a military base, selecting an nearby exercise to identify an attached profile and checking for other locations the individual had exercised in.

Among them are USA troops in Iraq, Syria, Guantanamo Bay, those deployed to the demilitarized zone separating the two Koreas, staffers at the Federal Bureau of Investigation and NSA, military intelligence and cyber security specialists and many others stationed at bases in Africa, South Asia and the Middle East. Unlike similar functionality to Garmin and Strava, Polar publishes more data every user.

However, the investigation claims that despite many users making their profiles private it was able to find user details due to "an oversight in the Polar app". And you can see where those runs start and stop. Now the vast majority of Polar customers maintain the default private profiles and private sessions data settings and are not affected in any way by this case.

Given that this would make it spectacularly easy to kidnap these people or even blow them up, it's not surprising that Polar has taken evasive action.