The Israeli newspaper Haaretz reported that an unknown entity managed to uncover the identities of hundreds of military personnel and civilians working in sensitive military bases through a security vulnerability in a popular fitness app, prompting an investigation by authorities who confirmed the breach has been ongoing for years.
According to Haaretz, this unidentified entity created a fake account on Strava, an app designed for athletes, which enabled them to gather personal data and residence information on hundreds of Israelis stationed at sensitive locations, some housing intelligence headquarters and even nuclear missile storage facilities.
Haaretz revealed that an open-source intelligence specialist detected suspicious activity on the widely used app. The specialist noticed that a fictitious account had generated dozens of fake running routes inside air and intelligence bases, which allowed it to identify personnel working at these sites. Following this discovery, the newspaper alerted security authorities to the breach.
Suspicious Activity
The suspicious activity reportedly began in July when the unknown entity set up the fake account, generating 60 running routes across 30 bases within four days. They falsely claimed to have completed these routes, raising suspicions, especially as the bases were widely dispersed and included facilities that no longer exist, such as the Sde Dov base near Tel Aviv.
Among the facilities from which data was collected were Tel Nof Air Base, naval bases in Ashdod and Eilat, the headquarters of the renowned Unit 8200 in occupied Jerusalem, and even weapons depots at Sdot Micha Base, believed to store nuclear missiles. The data collection extended to an American base at Mount Har Keren, which remained secret until last year.
Strava users typically record their completed running routes, which are then stored on the app’s servers. The unknown entity exploited a security loophole in the app’s settings that let them record routes without actually running them.
According to Haaretz, the open-source intelligence specialist suggested that the unknown entity’s activity was clearly aimed at gathering intelligence, specifically focusing on military facilities, their locations, and functions.
Years-Long Vulnerability
The Israeli Ministry of Defense and security agencies were reportedly unaware of the security gap until Haaretz informed them of the breach, noting that this vulnerability had existed for years.
Israel has faced similar security breaches in recent years, suspected to be part of a broader wave of cyber-attacks, some of which have been attributed to Iran.
The latest incident occurred just a week ago when a group of hackers leaked sensitive information about senior current and former Israeli officials.