Flaw in Strava running app can find where a user lives


Cybersecurity experts have managed to find the precise address of a user by comparing his activity on the Strava sports application and his data on the web.

Strava, one of the most popular sports tracking apps in the world (with nearly 100 million active users), contains security vulnerabilities, according to an article by Bleeping Computer published on June 11. Researchers at the University of North Carolina have published a report on openly accessible data that can trace a user’s journey.

Since 2018, Strava has offered its subscribers a “heat map” option that traces the most active exercise areas on a map. An athlete can view the routes where he spends the most time, and can also look for other popular routes, since the application claims to collect data anonymously to offer races to its users.

To test the security of the app, the researchers started by analyzing all the images to detect start and stop zones on specific streets in three American states. After selecting heat maps, the team of experts overlaid images from the OpenStreetMaps site to identify individual residential addresses. They then looked for users who had registered a specific city as their place of residence. By comparing endpoints and a subscriber’s personal data from the search function, researchers were able to correlate high heatmap activity with users’ home addresses.

High activity offers more info

Based on information recorded in voter lists, the researchers’ predictions were correct in about 37.5% of cases. The more active the user was, the higher the probability of determining his address and his movements. An athlete who combines, for example, cycling and swimming, offers even more data to the platform.

A “heat map” can detect strong activity in the driveway in front of the entrance to a home. // Source: University of North Carolina
It is possible to follow a user by noting several specific points of activity on a map.  // Source: University of South Carolina

Naturally, if the individual lives in an area with a high population density, geolocating him becomes more complicated. Residents of detached houses, on the other hand, make the task easier, since a house makes it possible to tie a starting point to a user.

The success rate of 37.5% is high enough to pose a risk to a person’s safety. The method used by the researchers requires very little technical skill, and a sufficiently motivated individual will be able to obtain precise information on a target. It is recommended to give applications as little data as possible.

