Fitness App Causes a Security Risk in High Ranking Military Officers and Spies
Polar Flow announced a halt to their Explore feature among security threats
Polar is a Finnish based fitness accessory company that focuses on smartwatches, bike computers and similar fitness devices. These devices are connected to their mobile application POLAR flow, the app allows you to track your workouts, daily activity and sleep. One of the most popular uses for the products is the product comes from their running features; users were able to explore their environment and the app would show distance and a host of other metrics. While this is a neat feature it is, unfortunately, unavailable right now because of security issues.
In a recently conducted report, Dutch publication De Correspondent found that bad actors could exploit the system and discover the locations of secret military sites and the information of high ranking military officials. This data includes names, home address, picture and real-time geolocation. The investigators say
“We found this information not through hacking or some other technological wizardry, but through a little clever searching in the online map that Polar makes available to anyone with an account. That map displays every run, bike ride, and swim its users have logged since 2014. Anyone with a basic understanding of computers and some common sense can find this information.”
Foeke Postma, a researcher that assisted with the investigation said,
“With only a few clicks, a high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning. From a house not too far from that base, he started and finished many more runs on early Sunday mornings. His favourite path is through a forest, but sometimes he starts and ends at a car park further away. The profile shows his full name,”
Since the report, Polar has turned off the ‘explore’ feature of the app. Furthermore, they stress that no data was leaked and turning off the explore feature was purely a precautionary measure.
Moreover, in the report, De Correspondent reveals this isn’t an isolated issue and writes Strava fitness app had a similar feature, with similar consequences.
Going forward, we will see a lot more of these issues. The hyperconnected-ness of things there will bring many access points and an increase in the surface area of attack.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.