IoT and the law of unintended consequences


You’ve probably already heard about the latest Internet of Things (IoT) security fiasco — coverage has gone far beyond the tech press into the mainstream TV news. In case you haven’t been paying attention, though, here’s the elevator pitch version:

Fitness network Strava publishes a global heatmap of where users are running and working out using its services, and folks just figured out that the map includes information that could reveal the locations of military forces working out in sensitive and sometimes secret locations. One expert worried that “tracking the timing of movements on bases could provide valuable information on patrol routes or where specific personnel are deployed.”

Unlike other IoT security concerns, Strava’s situation doesn’t involve hacking, spear phishing, compromised security protocols, or anything like that. In fact, Strava’s service is working exactly as it was intended, letting folks see where others are running and exercising around the world. The problem is that the data reveals previously unseen patterns that could be used in ways that neither Strava nor the security personnel sharing their workout data ever considered.

The Pentagon is concerned

The problem isn’t trivial. According to CNN, “Defense Secretary James Mattis has been made aware of the issue, and the DoD is reviewing policy regarding smartphones and wearable devices.” A Pentagon spokesman told CNN, “We take these matters seriously, and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad.”
