Polar's social platform is revealing sensitive location data worldwide

Modesto Morganelli
July 11, 2018

Now, according to Foeke Postma of Bellingcat, it seems that Polar - fellow fitness company and maker of the first wireless heart rate monitor for athletes - is revealing similarly sensitive data in an even more risky and accessible way.

"Fitness devices and apps are just one more area where people need to be aware of what kind of data they are sharing, particularly as they strongly rely on sensitive data such as location and health-metrics", Postma concluded.

What's more, even the setting that was supposed to show a Polar user's workout data only to their friends "still let profiles show a name, photo and the location they wrote in during registering to anyone".

Popular fitness app Polar monitors people who work in secret facilities, and may expose the addresses of secret service personnel, people working at military bases, airfields and the like.

We can find Western military personnel in Afghanistan through the Polar site.

According to De Correspondent, only about two percent of Polar users chose to share their data, but that nonetheless allowed anyone to discover potentially sensitive data from military or civilian personnel.

The company has now suspended the Explore feature that enables users to publicize their activity.

This could be done by looking at past routes on a single map, which may seem harmless enough. However, Bellingcat claims that "Polar is not only revealing the heart rates, routes, dates, time, duration, and pace of exercises" but "As people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map".

The case of the Finland-based company bears many similarities with that of fitness tracking app Strava, which involuntarily exposed the possible locations of many sensitive sites and military personnel on secret missions in combat zones.

Users of the Flow app were located at several military bases, including Erbil in northern Iraq, Guantanamo Bay in Cuba and Gao in Mali.

"With only a few clicks, a high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning", security researcher Foeke Postma said in a blog post Sunday after an investigation with the Dutch news organization De Correspondent.

However, the investigation claims that despite many users making their profiles private it was able to find user details due to "an oversight in the Polar app". Data owners fitness devices Global Positioning System trackers on the world map.

If you're a Polar user and aren't keen on having your own data out there for the world to see, make sure you have your profile marked as private (which, thankfully, is the default setting).

And as this comment, and a further Polar statement, suggest, this is a little different from the Strava episode, in which data wasn't automatically set to private.
