A security flaw in the fitness app Strava allowed dubious individuals to identify and follow security officers operating at hidden facilities in Israel, according to a misinformation monitor.
FakeReporter discovered that by submitting fake running "segments," a user could uncover the names and previous routes of others active in the region, even if those users had the most restrictive privacy settings.
It was possible to see information on 100 people who exercised at six different bases.
Strava stated that the problem has been resolved.
"We are mindful of the increasing risks in cyberspace," Israel's military said.
"In order to deal with these concerns, and in light of prior instances like the one stated," the statement said, "the rules and regulations are frequently reaffirmed and reinforced among individuals serving in sensitive positions."
This isn't the first time that Strava's monitoring tools have raised worries about security.
People's workout routes at military stations throughout the world, including US locations in Syria and Afghanistan, were disclosed in a worldwide "heatmap" produced by the firm in 2018.
Strava is headquartered in San Francisco and is used by more than 95 million individuals in 195 countries.
Its software uses data from a person's phone or wearable fitness gadget, including GPS coordinates, to track their exercise activities.
People can post their running and cycling times and compare their results to those of other people who used the same routes.
A suspicious user named "Ez Shehl" used these functions to upload fake GPS data to create route segments inside secret facilities associated with Israel's military, the Mossad intelligence agency, and the Shin Bet internal security service, according to FakeReporter, an Israeli group that combats malicious online activity.
The segments showed straight GPS lines, no timings, and unrealistic pace, such as traversing 500m in 0 seconds. Even though their accounts were set to "private," the times and personal data of other users who ran the same segments were later disclosed on the Strava leaderboard, including images, home locations, and the names of family members.
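The three indicators listed above (straight GPS lines, no timings, 500m in 0 seconds) are the kind of thing an upload pipeline can check before a track is accepted. The following is an added example, not Strava's or FakeReporter's code; the thresholds, function names and sample tracks are assumptions constructed for illustration.

```python
import math

MAX_SPEED_MPS = 12.5    # assumed ceiling: faster than any human sprint
MIN_DEVIATION_M = 1.0   # assumed: real GPS traces wander more than this

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon, ...) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def max_deviation_m(points):
    """Largest offset of an interior point from the start-to-end chord."""
    lat0, lon0 = points[0][:2]
    kx, ky = 111320 * math.cos(math.radians(lat0)), 110540  # metres per degree
    dx, dy = (points[-1][1] - lon0) * kx, (points[-1][0] - lat0) * ky
    length = math.hypot(dx, dy)
    if length == 0:
        return 0.0
    return max((abs(dx * (p[0] - lat0) * ky - dy * (p[1] - lon0) * kx) / length
                for p in points[1:-1]), default=0.0)

def plausibility_flags(points):
    """points: [(lat, lon, unix_time or None)]. Returns reasons to hold a track."""
    if len(points) < 2:
        return ["too_short"]
    flags = []
    dist = sum(haversine_m(points[i], points[i + 1]) for i in range(len(points) - 1))
    times = [p[2] for p in points]
    if any(t is None for t in times):
        flags.append("no_timing")
    else:
        elapsed = times[-1] - times[0]
        if elapsed <= 0 or dist / elapsed > MAX_SPEED_MPS:
            flags.append("unrealistic_pace")
    if len(points) >= 3 and dist > 100 and max_deviation_m(points) < MIN_DEVIATION_M:
        flags.append("straight_line")
    return flags

# Constructed sample tracks near 0N 0E (open ocean), each about 500 m long.
FAKE_TRACK = [(i * 0.0009, 0.0, 1000) for i in range(6)]          # 500 m in 0 s
UNTIMED_TRACK = [(i * 0.0009, 0.0, None) for i in range(6)]       # no timestamps
REAL_TRACK = [(i * 0.0009, 0.00005 * (-1) ** i, 1000 + 30 * i)    # jitter, 150 s
              for i in range(6)]

if __name__ == "__main__":
    for name in ("FAKE_TRACK", "UNTIMED_TRACK", "REAL_TRACK"):
        print(name, plausibility_flags(globals()[name]))
```

A check like this only flags a track for review; the leaderboard exposure described above is a separate access-control problem that input validation does not address.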
According to FakeReporter, at least 100 Israelis were affected by the vulnerability, including a senior defence officer identified as "N." It shared screenshots of runs made from their house and within numerous Israeli air force facilities, as well as ones made in Ukraine.
FakeReporter stated that it informed Israeli authorities about the security breach as soon as it became aware of it, and that it notified Strava after gaining their clearance.
"Despite previous findings, it appears that Israeli security services have not caught up," the watchdog's head, Achiya Schatz, said in a statement. "Despite considerable modifications to Strava's privacy settings, confused users' accounts might still be seen publicly, even if they were set as 'private.'"
"Hazardous groups have moved one worrying step closer to hacking a popular app in order to undermine the security of citizens and countries alike by leveraging the potential to upload engineered files, disclosing the data of users anywhere in the globe."
"We take problems of privacy extremely seriously and have fixed the highlighted flaws," Strava told Israel's Haaretz newspaper.