Polar Fitness Trackers Reveal All About Military Personnel

Henrietta Strickland
July 9, 2018

Polar is the manufacturer of such popular running watches as the Polar M200 and M400, as well as fitness-oriented smart watches like the Polar M430 and M600, while its Polar Flow app is used to organize and view user data.

In a similar incident, Strava found itself in hot water in January: it released a heat map showing the fitness activity of its users from around the world, which was an attempt to highlight its active user base - but it inadvertently made it possible to figure out how people move around sensitive locations like foreign military bases.

Bellingcat's investigation found that the privacy settings used by 6,460 Polar users meant that they could be located through the activity they had shared from their fitness devices.

A study by the three news organisations determined that it is possible to use Polar's Flow app to track down the home addresses of military and intelligence personnel. In a statement, the company said that it has "recently learned that public location data shared by customers via the Explore feature in Flow could provide insight into potentially sensitive locations". Tracing all of this information is very simple through the site: find a military base, select an exercise published there to identify the attached profile, and see where else this person has exercised.

"We were able to scrape Polar's site. for individuals' exercise at 200-plus. sensitive sites, and we gathered a list of almost 6500 unique users", researcher Foeke Postma wrote. A flaw in the app allowed reporters to gather their data, and the API didn't cap the number of requests that someone could make, thereby allowing them "to determine their home address, where people's workouts often begin and end".

Among them are United States troops in Iraq, Syria, Guantanamo Bay, those deployed to the demilitarized zone separating the two Koreas, staffers at the Federal Bureau of Investigation and NSA, military intelligence and cyber security specialists and many others stationed at bases in Africa, South Asia and the Middle East.

"We are analyzing the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing Global Positioning System files of sensitive locations", Polar said in the statement.

However, the investigation claims that despite many users making their profiles private it was able to find user details due to "an oversight in the Polar app".

We reached out to Polar for comment on the reports, who responded: "All your profile, training sessions and activity summaries are all set to private by default".

Polar has issued a statement addressing the security loophole, clarifying that there has been no leak or breach of private data, and has apologized for the suspension of its Explore feature.

Other reports by Click Lancashire

Discuss This Article