The Pak Banker

Apps or spyware?

- Zarrar Khuhro

Health freaks can be quite a pain. You know the type: they turn up their nose at nihari, count their calories and crusade against carbohydrates.

Given half a chance they'll bore you with tales of their gym exploits, preach the cult of CrossFit and the benefits of boot camp, all the while counting steps on their accursed Fitbits. Because, much like vegans, they seem to feel that it's not enough to simply practice; one must also preach. And of course, it's no fun just competing against yourself: thanks to fitness apps that record and share the details of your workout, you can now show off your regimen to virtual strangers. Which brings us to the latest: while fitness evangelists have always been annoying, now they're a bona fide security threat.

Take the online fitness tracker Strava: Using your mobile phone's GPS and also data from other fitness devices like Fitbit and Jawbone, it publishes 'heat maps' showing the routes taken by its users as they jog, walk or bicycle, with the more frequently used routes showing up as brighter lines.

Now that's fine when it comes to a public park or jogging track, but less so when it comes to military bases like the Bagram airbase in Afghanistan. A nerve centre of US operations in the Forever War, Bagram has been targeted by the Afghan Taliban, insider attacks and espionage, but now it seems that the latest security threat comes from jogging US military personnel sharing their location data with the world.

When you look at the map, you can tell which routes in the bases are used most frequently, and can even work out which nearby roads are more frequently patrolled - useful information for attackers and infiltrators. A similar problem was seen in the US forward bases in Helmand, and the base at Tanf in Syria.

By contrast, few lights show up on Russian bases and none on Iranian bases in Syria: apparently being less wired has its upside. Moreover, a hacker who accesses Strava's data can also potentially track individual users and - if they happen to be military personnel - can come up with a fairly accurate picture of military deployment schedules. In remote areas, the bases stand out like signal fires.

This isn't the first time apps have rung alarm bells in security circles. The Pokemon Go! fad sparked similar concerns in China, the US and Israel - to name just three countries. The Israeli army banned soldiers from playing Pokemon Go for fear that they could inadvertently expose military secrets - given that the app requires access to users' locations and camera there are real concerns that soldiers hunting Pokemon on a military base could very well give away crucial information.

The US, for its part, warned military personnel of the dangers and also cautioned them to make sure they had installed the original game, and not one of the many counterfeit apps that one can find on the internet - bootleg versions of popular apps like WhatsApp, for example, which are riddled with spyware and malware that can allow access to your personal data.

In the Ukraine conflict, it was reported that Russian hackers developed a 'poisoned' version of a Ukrainian military app used for processing targeting data for a weapon called the D-30 Howitzer. Distributed through online forums frequented by members of the Ukrainian military, this app allowed the Russian military to target Ukrainian positions with great success.

Currently the most dangerous spyware masquerading as an app is considered to be Chrysaor, developed by Israeli firm NSO Group Technologies. Discovered by researchers at Google and Lookout, it can hack users' cameras and microphones, as well as track calls, messages and internet history. It can even take screenshots, log all pressed keys and listen to encrypted audio streams. Essentially, it knows everything you do on your phone, ensuring total surveillance.
