Members of the Security Group for the Presidency of the Republic (GSPR), who protect President Emmanuel Macron, have been inadvertently sharing their locations via the fitness app Strava.
This has made it possible to track Macron’s movements, according to an investigation by Le Monde*, as his bodyguards’ workout sessions were publicly visible. The issue highlights a significant security flaw, as similar vulnerabilities could affect other world leaders. This isn’t the first instance of such a breach; in 2018, the US military reviewed soldiers’ use of Strava after it exposed the locations of secretive bases.
Sadly, this comes as no surprise as this is not the first time that Strava (and also other social networks) pose a privacy or even physical security risk to their users. Back in 2018 it was misused to track and attack US military bases around the world due to the heatmap feature, which was introduced as far back as 2015.
Introduced as a feature to share training success and motivation to their peers, the feature update in 2017 raised eyebrows among the security community. Thanks to the high resolution of the updated heatmap, it seemed easy to track down individual activities – Strava even bragged about it in their press release – whilst many of its users did not fully realize the security issues.
It is therefore important for Strava users consider using the app privately and to think twice before activating the optional heatmap feature, especially if they’re suspicious of being stalked or work in a field of higher security requirements.
by Jake Moore, ESET
*ESET does not bear any responsibility for the accuracy of this information.
ESET Ireland 