Finnish fitness tracking app Polar Flow has been exposing the locations of any of the 30 million users of their app for years. According to researchers at the Bellingcat open source intelligence collective, even if the user sets their account to private, it was very easy to track the individual users. This was because the app allowed anyone to see a user's unique user number and use it in searches.
After using the map to track a random runner who frequented a military installation back to his home, where he also worked out on a treadmill, the researchers decided to walk his daily workout path. They were able to watch his neighbors carry on everyday life and then knocked on the man's door. He quickly referred them to the defense department when confronted with the revelations from the app. John Doe's name, LinkedIn account profile, address, job title and more were uncovered from a trip to the registry of deeds.
This is more proof that Internet of Things (IoT) devices need more security built into them. When we agree to attach a tracker to our bodies, there should be a measure of security baked into the device so that situations like Polar Flow stop becoming the normal. When are we going to wake up and realize that our data is a precious commodity and should be protected? These researchers were able to track FBI agents as they worked and pinpointed where they lived with satellite imagery from Google Maps. Is that not enough of a wake-up call for everyday citizens to demand more security?
One Fort Meade runner is harder to track down. His Polar profile is private. Polar’s map leads us to a group of houses where he probably lives, but we can’t pinpoint the exact address and thus we can’t use our registry-of-deeds trick to determine his identity. But there’s another runner in that same neighborhood who also takes regular runs at Fort Meade. She turns out to be a cybercrime response specialist.
We run her through public US databases and discover she’s recently changed her name. Using the new name, we finally locate the house where she and our first runner live. It’s not the address we first found; the couple have recently moved. He’s part of a special intelligence unit.