Strava App Flaw Reveals Israeli Secret Bases

A flaw in the popular fitness app Strava has recently allowed threat actors to uncover the location and movements of Israeli officials at secret bases. 

The full story can be read here:

https://www.bbc.co.uk/news/world-middle-east-61879383

FakeReporter, an Israeli group that combats malicious online activity, reported that a suspicious user named “Ez Shehl” had exploited these functions to upload fake GPS data to create route segments inside secret facilities associated with Israel’s military.

Tom Lysemose Hansen, CTO and Co-founder
InfoSec Expert
June 22, 2022 12:47 pm

As with any application, no matter how innocuous, bad actors will probe for and exploit vulnerabilities in order to harvest sensitive data; in this case with serious national security implications.  

This story highlights a dilemma between users wanting social interaction via sharing their data and the privacy of that data. Quite simply, users cannot have their cake and eat it. As shown in this case, the use of cloud-based storage will always pose a significant risk. We need to move to a model where data is mastered on device and is only shared with chosen individuals via a key exchange mechanism. With such an approach, nobody else, including Strava, would be able to read that data. However, with companies such as Strava seeing great value in user data, this is clearly an unattractive business proposition.
