element14 Community
Security Issues

mcb1
mcb1 over 7 years ago

So we've had this discussion before, and now it would seem the problem has come to a head.

 

https://edition.cnn.com/2018/01/28/politics/strava-military-bases-location/index.html

 

The military seems to be using Fitness Trackers, and they have been passing on the GPS co-ordinates while the troops do their exercise.

A Strava heatmap of Baidoa Airport in Somalia.

 

Some very interesting notes in this discussion are :-

 

Nathan Ruser, a 20-year-old Australian student and analyst for the Institute for United Conflict Analysts, noted on Twitter on Saturday that the map made US bases "clearly identifiable and mappable."

 

In 2013, the Army issued Fitbit Flex wristbands to some 2,200 soldiers as part of its "Performance Triad" program, Military.com reported. In 2015, the program expanded: 20,000 soldiers and reservists across American bases within the continental US were tagged to participate, according to the Army Times.

 

 

In NZ we have a great advertising campaign by Tui Breweries.

Where a statement is made and then negated ...

 

https://i.pinimg.com/originals/19/bd/2d/19bd2db486b88f6529aa074fbffe5249.jpg

The popularity has made it a common use term "Tui's Billboard"

 

So it seems this sending data into the cloud is a really great idea - Not!

 

 

Mark

  • ntewinkel
    ntewinkel over 7 years ago

    It never ceases to amaze me how little thought management puts into these sorts of programs! Sharing GPS locations of soldiers should have been immediately noticed.

     

    >Where a statement is made and then negated ...

     

    Borat took some humour lessons to learn about "Not" Jokes...

  • ntewinkel
    ntewinkel over 7 years ago

    ps, I didn't realize that the GPS data was shared globally. I thought such personal data was only available to the user or friends of the user. Kind of a privacy fail on Fitbit's part too.

  • mcb1
    mcb1 over 7 years ago in reply to ntewinkel

    >Kind of a privacy fail on Fitbit's part too

    According to the news article on our TV last night, the individual Fitness device number is available, which means that an individual can be tracked.

    This has massive implications for more than just troops running around a secure base.

     

    I'm not sure what sort of delays on the data there are, but imagine a terrorist checking to see what time is the best time to attack and get maximum casualties.

     

     

    We have a delay built-in for Aircraft tracking but unfortunately ADS-B has killed that system and now reports without delay.

    Since the reports are simply 'sent into space' then anyone can access the information.

     

     

     

    Mark

  • genebren
    genebren over 7 years ago

    We live in strange times.  It seems that no matter how quickly technology advances, the thing that moves faster is people's desire to hack and crack the data that is moving around.  I cringe at how little effort goes into making data/systems really secure, when we all seem to know that it will only be a matter of time before someone other than the intended parties ends up getting access to data/information.

     

    Given the lack of security you would think that someone would have been able to figure out that tagging service members have been a bad idea.

    Gene

  • mcb1
    mcb1 over 7 years ago in reply to genebren

    >cringe at how little effort goes into making data/systems really secure

    I keep saying that data security is only part of the issue.

    If you have no data from 8am until 4pm, then it spikes after that, it would be reasonable to assume no-one is home ... regardless if you can decipher the data or not.

     

     

    >you would think that someone would have been able to figure out that tagging service members have been a bad idea

    Not really .... since the person pushing that aspect is unlikely to have even thought about how it works, or what it does.

     

    You'd be amazed at some of the really dumb ideas that the H&S people impose on the workers ... and without consulting them to find out the implications.

    This is probably another one of those.

     

    Mark

  • Dudley
    Dudley over 7 years ago in reply to mcb1

    I heard about this issue on my commute home last night, it's affected UK personnel as well.

     

    These devices have an anonymous mode - and anyone with anonymous mode would not show up on the heat map published. There was someone from the military on the show I heard, who said that they advised servicemen to enable anonymous mode on all their devices to prevent this sort of security lapse.

     

    That felt disingenuous to me - it's quite feasible that a soldier or a civilian consultant could have quite a collection of electronic devices - phone, smartwatch, fitbit, games device, mp3 player, media player, tomtom, etc, and not all devices have a simple switch that allows you to prevent it from phoning home. And there was no comment on if anonymous mode actually stopped the device from phoning home, or if it still passed fitbit the data but passed it back with an anonymous flag. If the latter, it's still insecure.

     

    The cloud is a game changer in software architecture. It's an incredibly useful resource and allows for data to be gathered that can help improve products. The djinni won't be put back in the bottle. But companies need to be responsible about what they keep, where they keep it, how they look after it, who they share it with, and how long they look after it for.

     

    And ultimately the question is who holds them to account if they don't? The customer may make them pay after a big breach, but by that time, it's often too late.

  • ntewinkel
    ntewinkel over 7 years ago in reply to Dudley

    >they advised servicemen to enable anonymous mode

     

    I saw this on Daily Planet (science/tech tv show) too, and it was dismissed like that too.

    So the question is - are they really not worried about these details? Are the bases very obvious in real life and on satellite images anyways?

     

    Like the idea that someone with the right know-how can pick the lock on my front door. Or anyone can just throw a rock through a window and get in that way.

     

    Or (conspiracy mode: ON), maybe this is information they deliberately want to spread? It would be easy enough to work with companies like Fitbit and Google to alter the information just enough to throw any real terrorists off the target.

    But that might be giving them too much credit.

     

    -Nico

  • mcb1
    mcb1 over 7 years ago in reply to Dudley

    >anonymous mode would not show up on the heat map published

    We have had the older models to help prove our roster pattern was fatiguing. It was the sleep mode we used to show how it affected our regular sleep patterns and the overnight standby.

    Ours didn't include GPS data but counted the steps and used your height to calculate distance.

     

    Our devices fed data back to 'mother' via Bluetooth and either an App or computer, but each device was linked to a Login with your personal details.

    Since none of these Fitbits have all the necessary requirements for a data connection, it seems that the troops have been using Bluetooth and the App to download the data back to 'mother'.

     

    I agree it is worrying that security is not taken more seriously, but until these sorts of breaches occur, it will continue to be hidden from the public.

     

    Cheers

    Mark
