Maintain composure, stay collected - Strava sports app poses a potential security concern for Sweden's prime minister
A significant concern in the realm of data protection, particularly for top politicians, has been highlighted by recent events involving the Strava fitness app. The Swedish news outlets Dagens Nyheter and SVT have reported on this issue, shedding light on a potential security risk posed by the app.
The risk stems from the unintentional disclosure of sensitive location data by bodyguards responsible for the protection of high-ranking individuals. This data can reveal private details such as jogging routes and locations, potentially exposing private addresses and other sensitive information.
The issue arises due to the public nature of many Strava profiles. Bodyguards often use the app with public profiles, allowing anyone to view their workout routes and locations. When they upload their running or cycling routes, they may inadvertently reveal the locations of the politicians they protect, including private residences, hotels, and meeting venues.
Strava's global heat map, which shows user activity, has in the past exposed sensitive locations, such as military bases. Although this feature is not the primary concern with bodyguards, it demonstrates how location data can compromise security.
One notable example of this security risk occurred with the Swedish Prime Minister, Ulf Kristersson. Swedish secret service bodyguards posted details of their workouts on Strava, exposing the movements of the Prime Minister. This included information about his private residences and travel routes.
Similar incidents have been reported elsewhere. In 2023, a former Russian submarine commander was tracked and killed using details from his Strava profile. In 2017, Strava's heat map revealed locations of military bases and intelligence outposts. Strava has also been used to track the movements of world leaders like Emmanuel Macron and Joe Biden by analysing the activities of their security teams on the app.
The implications of this security vulnerability are clear. The use of Strava by bodyguards highlights a significant security risk, even without malicious intent. Personal apps can pose risks if not managed properly, especially among those handling sensitive information or protecting high-profile individuals.
There is a growing need for awareness about potential security risks associated with personal apps. Necessary measures will be taken to prevent such incidents from happening again, as announced by Justice Minister Gunnar Strömmer.
Professor Wilhelm Agrell, an expert in intelligence analysis, expressed concern about the potential misuse of location data from sports apps like Strava. Agrell was surprised that bodyguards were not more vigilant about data protection. He stated that such data could be highly valuable for disabling the state apparatus.
As the use of technology continues to evolve, it is essential for those responsible for protecting high-ranking individuals to stay vigilant and aware of potential security risks. The case of the Strava app serves as a stark reminder of the importance of data protection in the digital age.
The Commission has also been consulted on the draft directive regarding the security risks associated with the use of personal apps like Strava, particularly by bodyguards responsible for the protection of high-ranking individuals in politics and general-news. Moreover, the incident involving the Swedish Prime Minister, Ulf Kristersson, whose movements were exposed through Strava, highlights the potential politics and sports-related implications of such security lapses.
