Actions
Forum Thread Details
  • Replies 8 replies
  • Subscribers 511 subscribers
  • Views 1113 views
  • Users 0 members are here
Related

Security Issues

mcb1

So we've had this discussion before, and now it would seem the problem has come to a head.

 

https://edition.cnn.com/2018/01/28/politics/strava-military-bases-location/index.html

 

The military seems to be using Fitness Trackers, and they have been passing on the GPS co-ordinates while the troops do their exercise.

A Strava heatmap of Baidoa Airport in Somalia.

 

Some very interesting notes in this discussion are :-

 

Nathan Ruser, a 20-year-old Australian student and analyst for the Institute for United Conflict Analysts, noted on Twitter on Saturday that the map made US bases "clearly identifiable and mappable."

 

In 2013, the Army issued Fitbit Flex wristbands to some 2,200 soldiers as part of its "Performance Triad" program, Military.com reported. In 2015, the program expanded: 20,000 soldiers and reservists across American bases within the continental US were tagged to participate, according to the Army Times.

 

 

In NZ we have a great advertising campaign by Tui Brewries.

Where a statement is made and then negated ...

 

https://i.pinimg.com/originals/19/bd/2d/19bd2db486b88f6529aa074fbffe5249.jpg

The popularity has made it a common use term "Tui's Billboard"

 

So it seems this sending data into the cloud is a really great idea - Not!

 

 

Mark

Parents

  • We live in strange times.  It seems that no matter how quickly technology advances, the thing that moves faster is people's desire to hack and crack the data that is moving around.  I cringe at how little effort goes into making data/systems really secure, when we all seem to know that it will only be a matter of time before someone other than the intended parties ends up getting access to data/information.

     

    Given the lack of security you would think that someone would have been able to figure out that tagging service members have been a bad idea.

    Gene

  • in reply to genebren

    cringe at how little effort goes into making data/systems really secure

    I keep saying that data security is only part of the issue.

    If you have no data from 8am until 4pm, then it spikes after that, it would be reasonable to assume no-one is home ... regardless if you can decipher the data or not.

     

     

    you would think that someone would have been able to figure out that tagging service members have been a bad idea

    Not really .... since the person pushing that aspect is unlikely to have even thought about how it works, or what it does.

     

    You'd be amazed at some of the really dumb ideas that the H&S people impose on the workers ... and without consulting them to find out the implications.

    This is probably another one of those.

     

    Mark

  • in reply to mcb1

    I heard about this issue on my commute home last night, it's affected UK personnel as well.

     

    These devices have an anonymous mode - and anyone with anonymous mode would not show up on the heat map published. There was someone from the military on the show I heard, who said that they advised servicemen to enable anonymous mode on all their devices to prevent this sort of security lapse.

     

    That felt disingenuous to me - its quite feasible that a soldier or a civilian consultant could have quite a collection of electronic devices - phone, smartwatch, fitbit, games device, mp3 player, media player, tomtom, etc, and not all devices have a simple switch that allow you to prevent it from phoning home. And there was no comment on if anonymous mode actually stopped the device from phoning home, or if it still passed fitbit the data but passed it back with an anonymous flag. If the latter, it's still insecure.

     

    The cloud is a game changer in software architecture. It's an incredibly useful resource and allows for data to be gathered that can help improve products. The djinni won't be put back in the bottle. But companies need to be responsible about what they keep, where they keep it, how they look after it, who they share it with, and how long they look after it for.

     

    And ultimately the question is who holds them to account if they don't? The customer will may make them pay after a big breach, but by that time, it's often too late.

  • in reply to Dudley

    >they advised servicemen to enable anonymous mode

     

    I saw this on Daily Planet (science/tech tv show) too, and it was dismissed like that too.

    So the question is - are they really not worried about these details? Are the bases very obvious in real life and on satellite images anyways?

     

    Like the idea that someone with the right know-how can pick the lock on my front door. Or anyone can just throw a rock through a window and get in that way.

     

    Or (conspiracy mode: ON), maybe this is information they deliberately want to spread? it would be easy enough to work with companies like Fitbit and Google to alter the information just enough to throw any real terrorists off the target.

    But that might be giving them too much credit.

     

    -Nico

Reply
  • in reply to Dudley

    >they advised servicemen to enable anonymous mode

     

    I saw this on Daily Planet (science/tech tv show) too, and it was dismissed like that too.

    So the question is - are they really not worried about these details? Are the bases very obvious in real life and on satellite images anyways?

     

    Like the idea that someone with the right know-how can pick the lock on my front door. Or anyone can just throw a rock through a window and get in that way.

     

    Or (conspiracy mode: ON), maybe this is information they deliberately want to spread? it would be easy enough to work with companies like Fitbit and Google to alter the information just enough to throw any real terrorists off the target.

    But that might be giving them too much credit.

     

    -Nico

Children
No Data