Strava App Flaw Reveals Israeli Secret Bases

By   ISBuzz Team
Writer , Information Security Buzz | Jun 22, 2022 04:46 am PST

A flaw in the popular fitness app Strava has recently allowed threat actors to uncover the location and movements of Israeli officials at secret bases. 

The full story can be read here:

FakeReporter, an Israeli group that combats malicious online activity, reported that a suspicious user named “Ez Shehl” had exploited these functions to upload fake GPS data to create route segments inside secret facilities associated with Israel’s military.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Tom Lysemose Hansen
Tom Lysemose Hansen , CTO and Co-founder
June 22, 2022 12:47 pm

As with any application, no matter how innocuous, bad actors will probe for and exploit vulnerabilities in order to harvest sensitive data; in this case with serious national security implications.  

This story highlights a dilemma between users wanting social interaction via sharing their data and the privacy of that data. Quite simply, users cannot have their cake and eat it. As shown in this case, the use of cloud based storage will always pose a significant risk. We need to move to a model where data is mastered on device and is only shared with chosen individuals via a key exchange mechanism. With such an approach, nobody else, including Strava, would be able to read that data. However, with companies such as Strava seeing great value in user data this is clearly an unattractive business proposition.

Last edited 1 year ago by Tom Lysemose Hansen

Recent Posts

Would love your thoughts, please comment.x