Users of fitness tracker app Strava revealed recently that the app’s global visual heat map can actually show where military men and women work out, inadvertently revealing undercover military places in different parts of the world. In Singapore, screenshots of heatmap images of paths, trails and roads in Gomak Base, where the Ministry of Defense is located, as well as training centres on Paya Lebar Air Base and Pulau Tekong, have already been uploaded on social media by users of the app.
However, experts say that the best way to mitigate such breaches is to adapt to this technology.
Fitness app Strava made the news lately, when concerns that the public user data the app uses for its global visual heatmap could accidentally lead to security breaches, as it allowed not only for the location of military installations to be revealed, but also the possible identification of individuals within these installations, as well as when their operations take place.
Days after news of this concern broke, Singaporean netizen Muhd Amrullah uploaded on Facebook photos of the locations of Singapore’s defense and training programs, using the app. Mr. Abdullah wrote, “I spent less than 20 minutes figuring out the patrol paths, supply routes, trails and roads within Gombak Base, where the Ministry of Defence in Singapore is situated.Given the area is a highly sensitive place and Google Maps actually blurred out key details of the area since it’s a red zone, you can still figure out and get lots of intel with the trove of data that recruits/staff share publicly everyday within… likely from their smartwatch or health trackers.”
Security experts admit that revealing the location of military operations could potentially be a serious threat, as this may become the cause of an actual invasive action against the military. However, experts emphasized that the nature of equipment and arms inside the locations are unknown, as well as how to penetrate these locations. They further gave the assurance that measures are in place to ensure that highly sensitive information would not be leaked. Dr Graham Ong-Webb, security and military expert, said, “We have a layered security approach to help mitigate the risk of perpetration, attacks, compromise, breaches and so on – and it’s serving us well.”
Meanwhile, Strava has sought to assure the public that the heatmap excludes “activities marked as private and user-defined privacy zones,” and CEO James Quarles further assured the public in an open letter on January 29 that they would make the changes necessary in the app to ensure that people with would not use the app for ill intentions, and that the company would work with government and military officials concerning sensitive information.
This gives different government security options, since banning geolocating apps and devices seems to be an unlikely solution.
Dr. Ong-Webb said, “We could get in touch with Strava to impose certain requirements, to block out certain spaces on our national map, and if they fail to do that we cannot allow their products into Singapore.”
He further noted that there will arise a number of other geolocating services aside from Strava, and planing a ban or regulating this kind of technology, although this would be the simplest way to avoid further breaches, would be an ineffective and impractical solution.
Mr Foo Siang-tse, the managing director of security services provider Quann, said that “people are the most vulnerable aspect of security,” and that “device users need to be taught to enable the appropriate privacy settings so that such information is not shared openly.”
Certain areas in military installations would have to be zones where people turn off their devices. But more importantly, military and security experts would also have to adapt to these widespread technologies, and to be able to continue to use them to everyone’s advantage.
Some netizens urged for Singapore to make security a top priority
Others commented that many other technologies made such breaches possible
Still others were confident that Singapore can protect itself