Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pentagon Restricts Use of Fitness Trackers, Other Devices (apnews.com)

Posted by msmash on from the tougher-stance dept.

Military troops and other defense personnel at sensitive bases or certain high-risk warzone areas won't be allowed to use fitness tracker or cellphone applications that can reveal their location, according to a new Pentagon order. From a report: The memo, obtained by The Associated Press, stops short of banning the fitness trackers or other electronic devices, which are often linked to cellphone applications or smart watches and can provide the users' GPS and exercise details to social media. It says the applications on personal or government-issued devices present a "significant risk" to military personnel so those capabilities must be turned off in certain operational areas. Under the new order, military leaders will be able to determine whether troops under their command can use the GPS function on their devices, based on the security threat in that area or on that base. "These geolocation capabilities can expose personal information, locations, routines, and numbers of DOD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission," the memo said. Zack Whittaker, a security reporter at TechCrunch, said, DoD's statement today appears to be a response to the revelation that fitness tracker app Polar was exposing locations of spies and military personnel.

71 comments

  1. So the GPS blackout ... by CaptainDork · · Score: 1, Interesting

    ... locations get the Streisand Effect.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:So the GPS blackout ... by Anonymous Coward · · Score: 2, Insightful

      Except these bases are typically in remote areas where the only fitness tracker activity is from military personnel.

    2. Re:So the GPS blackout ... by arth1 · · Score: 4, Interesting

      It's not just a problem with bases and exact positions. It's a problem that individuals can be tracked over time. If you see someone one week do runs in Langley, and the next week do runs in a remote location in Nicaragua, you may have a diplomatic crisis on your hands.

    3. Re:So the GPS blackout ... by fahrbot-bot · · Score: 1

      Except these bases are typically in remote areas where the only fitness tracker activity is from military personnel.

      Ya, but how are people stationed at CIA black-sites supposed to track their cardio now?

      --
      It must have been something you assimilated. . . .
    4. Re:So the GPS blackout ... by Anonymous Coward · · Score: 1

      on Android, IPBike (afaik) stores workouts locally on the phone, not in the cloud. So if you have an Ant+ phone (or dongle), and ant+ hrm, you could then track your workouts on your phone. The only problem that I then see is plotting one's route, as that'll use Google Maps API to track the lat/long locations into the map. So there's a data leak there the DOD may not want

    5. Re:So the GPS blackout ... by wired_parrot · · Score: 1

      It's more than that. By looking at users whose location corresponded to CIA HQ in Langley during the day, for example, they could determine those individuals who worked in the CIA. And by backtracking the location of those individuals to where they were early in the morning, their home address could be determined. When cross-referenced against public databases, this allowed them to determine the identities of any CIA agent working at Langley using the app, along with their home addresses and daily routine. The location of CIA HQ may be public knowledge, but the identity of their agents is not, and exposing those identities is a federal crime.

    6. Re:So the GPS blackout ... by mysidia · · Score: 2

      they could determine those individuals who worked in the CIA. And by backtracking the location of those individuals to where they were early in the morning, their home address could be determined

      Shoot.. this could probably done without an app just by triangulating IMEIs as multiple cellular stations detect the same IMEI; I imagine the carriers could already easily do this --- monitor what IMEIs are frequently detected near a known CIA location, and where that same IMEI is during the early morning, late nights, and weekends...

      Perhaps employees should be encouraged to leave their smartphone at home and never take it on the commute --- give them throwaway feature phones to be stored powered off in their vehicle, in case of emergencies, and issue them a work phone for use during the day after they enter the building, that can't be traced to them or their home, And they can use all the fitness trackers they want, provided none of the fitness trackers people use require that they register with identifying information.....

    7. Re:So the GPS blackout ... by EvilSS · · Score: 1

      Or war-driving their cars. I live near an interstate and my wifi system (ubiquity) logs "near-by" access points by default. I see 30-40 GM vehicles an hour with their onboard wifi hotspots blasting out their SSID and unique MAC. Seems like they are on by default because they way out number any other maker. I only see a handful of Fords, for example.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    8. Re:So the GPS blackout ... by fish_sauce · · Score: 1

      What is it called if someone from for example UK exposes those identities?
      Internet is global and we have satellites that can read news papers from space with ease.
      Anyone with such access can monitor CIA HQ and see who are there and expose them that way. So why focus on fitness trackers and such?! Seems odd to me when the same info can easily be collected another way which is just as easy.

  2. Good by Anonymous Coward · · Score: 1

    No point it letting an easily compromised cloud GPS reporting service track your movements.

  3. Why not mobiles too? by sanf780 · · Score: 3, Insightful

    I understand fitness trackers (app and/or device) are too happy to share your location with friends and strangers. However, Google Maps probably uses your data for some function of Google Maps. I know it can record where your workplace is and where you last parked your car. So, why do Pentagon workers are allowed to bring mobile phones is my guess.

    1. Re:Why not mobiles too? by Kenja · · Score: 4, Informative

      They already restrict the carrying and usage of [mobile devices, including phones.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    2. Re:Why not mobiles too? by jellomizer · · Score: 1

      That and I expect approved devices if having tracking on them would have appropriate safeguards with the vendors.
      Otherwise the bad guys can just buy Google Ads, that would target troops, and based on their impression counts, they can keep track of the opposing troops.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:Why not mobiles too? by ole_timer · · Score: 1

      ...the only way these trackers work is if there's a cell phone or wifi signal...most use bluetooth to that signal...

      --
      nothing to see here - move along
    4. Re:Why not mobiles too? by hey! · · Score: 1

      Frankly, for many jobs I think having a smartphone at all is probably not a good idea -- for that matter devices like smart speakers. Anything like that needs to have a hardware "off" button that ensures they aren't listening or transmitting.

      But I'm not sure how secure modern feature phones either in the era of enhanced 911.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    5. Re:Why not mobiles too? by bhcompy · · Score: 1

      All SCIFs at the Pentagon already required that any electronic devices(computers, cellphones, smartwatches, etc) be placed into a secure locker before entering. This is redundant.

      Regardless, 6ft thick granite walls does a number of cell signal. Other than the metro entrance and the interior quad, you don't have reception inside the building

    6. Re:Why not mobiles too? by Anonymous Coward · · Score: 0

      I understand fitness trackers (app and/or device) are too happy to share your location with friends and strangers. However, Google Maps probably uses your data for some function of Google Maps. I know it can record where your workplace is and where you last parked your car. So, why do Pentagon workers are allowed to bring mobile phones is my guess.

      Where did you read pentagon workers from, TFS even says this applies to people who are deployed.

      The pentagon is AFAIK the biggest office building in the world. There’s a metro rail stop right out front of it and there are dedicated HOV pickup spots down I95 just for Pentagon workers. Working there is not a secret in itself. No you can’t bring wireless devices into every room. There is a ridiculous number of rooms. Is hard to even think of it as just a “building”, it’s so yuuuge!

    7. Re:Why not mobiles too? by hawguy · · Score: 1

      Frankly, for many jobs I think having a smartphone at all is probably not a good idea -- for that matter devices like smart speakers. Anything like that needs to have a hardware "off" button that ensures they aren't listening or transmitting.

      But I'm not sure how secure modern feature phones either in the era of enhanced 911.

      How do you know that hardware off button is really a hardware off button on your particular device? Even if you take out the batteries, maybe there's a hidden capacitor that's powering the secret listening device. Do you need to do a complete tear-down periodically?

    8. Re: Why not mobiles too? by c6gunner · · Score: 1

      If you're susceptible to that level of paranoia you should probably wear a full-body tinfoil suit, just in case someone put a tiny listening device on your clothes.

      What to do if they put a listening device on your tinfoil suit ... you'll have to figure that one out on your own.

    9. Re:Why not mobiles too? by thomn8r · · Score: 1
      the only way these trackers work is if there's a cell phone or wifi signal...most use bluetooth to that signal.

      What you're missing is that these devices store the information until such time as they get a network, and then upload the stored data.

    10. Re:Why not mobiles too? by ole_timer · · Score: 1

      ...I didn't miss that at all - i'm technical, I have one, I know how they work...when I went to Germany a few years ago and came back it tracked me in waldorf...

      --
      nothing to see here - move along
    11. Re:Why not mobiles too? by hey! · · Score: 1

      Well, *I* could trace the circuit. Also, a switch position could cut out the mic as well.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    12. Re: Why not mobiles too? by hawguy · · Score: 1

      If you're susceptible to that level of paranoia you should probably wear a full-body tinfoil suit, just in case someone put a tiny listening device on your clothes.

      you mean like the level of paranoia where you don't trust the off button on your phone? I you think someone has tampered with your phone or software enough to disable the soft-off button, why don't you think that they've tampered it in such a way that the device can still record when it's "off"?

    13. Re:Why not mobiles too? by Anonymous Coward · · Score: 0

      The phone knee-jerk might come in another decade (but we will then have an array of devices to worry about). The damage is already done. Does nobody get paid to think of these things AHEAD of time?

    14. Re:Why not mobiles too? by thegarbz · · Score: 1

      I know it can record where your workplace is

      I'm working on site at the moment and I get constant notifications from Maps asking me "do you still work here? Update your work address".

      So not only does it know where I work, but it knows I haven't been there for a while.

  4. They are a little late by Anonymous Coward · · Score: 0

    Pentagon should have stopped this upfront on our troops and secret bases since they should be using this for intelligence gathering. Clearly not our best and brightest working there.

  5. About time by Anonymous Coward · · Score: 0

    How many years have these devices been tracking troops and everyone else who has them. Took the Pentagon long enough to realize it. Where does all the DOD money go?

    1. Re:About time by CaptainDork · · Score: 1

      Certainly not towards burial costs due to GPS tracking.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:About time by anegg · · Score: 1

      It would appear that most people have zero clue about how these things work. I wouldn't be surprised to find out that a lower-level security worker was trying to sound the alarm for years but being squelched until a couple of big data breaches were published a year (or more?) ago. Then it takes this long before a change percolates through the system... The "oh, look - bright and shiny!" crowd always seems to undermine common sense.

    3. Re:About time by CaptainDork · · Score: 1

      And cattle ranchers can't identify wild horse shit?

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:About time by CaptainDork · · Score: 1

      OK.

      When I want expertise about honey I find in the wild, I rely on my beekeepers.

      When I want to identify fecal deposits in a pasture, I depend on local cattle ranchers.

      So, my recommendation to you (and you need it) comes from experience:

      When you don't know bullshit from wild honey, go looking for a cattle rancher and a beekeeper. ~ CaptainDork

      --
      It little behooves the best of us to comment on the rest of us.
    5. Re:About time by Anonymous Coward · · Score: 0

      What if I want to identify gigabytes of cryptofeces, Chris, should I call your uncle?

    6. Re:About time by CaptainDork · · Score: 1

      Bob's yer uncle.

      --
      It little behooves the best of us to comment on the rest of us.
    7. Re:About time by Anonymous Coward · · Score: 0

      "When you don't know bullshit from wild honey, go looking for a cattle rancher and a beekeeper. ~ CaptainDork"

      Logically, all you need is one of those people. By elimination you can then identify the substances.

    8. Re:About time by CaptainDork · · Score: 1

      Actually, I can agree with your logic.

      I should OR the AND.

      Thanks.

      --
      It little behooves the best of us to comment on the rest of us.
    9. Re:About time by Anonymous Coward · · Score: 0

      Sure thing, Chris. So who should I hire to identify your ebooks, videos, and blogs?

    10. Re:About time by CaptainDork · · Score: 1

      I'd say Manning, but she's not a hacker. She's a copier. And Lady Gaga. Seriously?

      Snowden won't do. He's a copier as well. He didn't hack. He walked off with the stuff.

      Reality Winner is also a copycat.

      All the former Anonymous people are in jail, of course ...

      WikiLeaks is a repository; a one-way one at that.

      And you know dang well that Russia and China have no topnotch hackers. Those peeps are good and they simply embed a few strands of DNA into the code.

      The NSA can't do it because an insider gave away the keys to the store and stuff.

      Anyway, the problem has already been hired away. All that stuff is on targeted ad servers.

      That's why you are interested. They are products you never asked for.

      --
      It little behooves the best of us to comment on the rest of us.
    11. Re:About time by Anonymous Coward · · Score: 0

      I've pushed you too far, Chris. I'm sorry. I guess your word salad is either your new tack or you've gone nuts.

    12. Re:About time by CaptainDork · · Score: 1

      Schrödinger's cat.

      --
      It little behooves the best of us to comment on the rest of us.
  6. dumbass spies by Anonymous Coward · · Score: 0

    ...carry gps-enabled devices with them.

  7. but... by zlives · · Score: 2

    how will the spies know if they are healthy or not... when they compare their data with the other spies of the world. How will will know whose spies are the best of the best.
    i mean if i couldn't look at the weather data with location activated how ill i know if its raining outside or not...

    1. Re:but... by zlives · · Score: 1

      also... cell phones...

  8. uuum by iggymanz · · Score: 1

    I'm dumb. Wouldn't using a cell phone at all expose your location the way cell towers work?

    Sorry for the stupid question.

    1. Re:uuum by Gilgaron · · Score: 1

      If you were using the phone in a restricted area, sure. But you're not supposed to do that. I imagine the concern with a fitness tracker is that they often upload your route and steps to the cloud so you can gamify fitness with your social networks or whatever crap, which means that someone can hack into Fitbit and look up patrol routes, even if the good solider left his phone out of the secure area like he was supposed to.

    2. Re:uuum by iggymanz · · Score: 1

      unfortunately my phone isn't smart enough to know it's in a restricted area and immediately stop functioning.

      these military dudes and dudesess must have really smart phones.

    3. Re:uuum by EvilSS · · Score: 1

      https://www.digitaltrends.com/mobile/how-to-turn-on-airplane-mode/

      --
      I browse on +1 so AC's need not respond, I won't see it.
  9. Duh!.. by mi · · Score: 4, Informative

    Took them a while. The problem's been known for years — even in peaceful Finland... And Russians have used malware to get location-data to target Ukrainian forces. And, of course, the NATO.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Duh!.. by guacamole · · Score: 1

      And Russians have used malware to get location-data to target Ukrainian forces.

      I am sorry, but you need to spend about 20 seconds of your google time to find out that this story has been debunked and Crowdstrike partially retracted its claims. This was pretty much a manufactured story released in December of 2016 back when the media hysteria about Russian hacking and interference was just picking up steam.

    2. Re:Duh!.. by mi · · Score: 1

      When claiming anything having been "debunked", you absolutely must include a link to the debunking...

      Crowdstrike partially retracted its claims

      And to the retraction.

      --
      In Soviet Washington the swamp drains you.
  10. Allegedly "smart" so-called "telephones" by jabberw0k · · Score: 1

    Unsafe at any speed. Does the Pentagon not still prohibit cameras of any type on secure installations?

  11. Re:Hang Trump and fitness is assured by kiehlster · · Score: 1

    I'd like to see him Hang Clean for America, because weight lifting is a great way encourage America to get fit, and start a good rivalry with Putin's fitness score.

  12. Why-why-why-why by Anonymous Coward · · Score: 0

    Why THE HELL would military rules for what internet-connected techs you can have while in service be done based on a blacklist rather than a whitelist?

    A blacklist saves the career of the guy who would otherwise approve the wrong device.

    A whitelist saves operational security.

    Why is this even a competition?

    1. Re:Why-why-why-why by AHuxley · · Score: 1

      So contractors and the US mil would be happy.
      Relaxed workers are productive workers beyond just their pay.
      The other fun question AC is why the NSA and GCHQ did not do some sort of "testing" and tell everyone that they had a device broadcast problem.

      --
      Domestic spying is now "Benign Information Gathering"
  13. Opsec by Anonymous Coward · · Score: 0

    You just revealed the classes of devices they're looking for, the material and thickness of the walls, the fact that there's no specialized internal cell network, and where a forwarding router might be set up. Do try to use better opsec

    1. Re: Opsec by Anonymous Coward · · Score: 0

      Thereâ(TM)s a Wikipedia page on SCIFs moron. Every country does this, and they all work the same way.

      But now that everyone knows the pentagon is made of granite, we have to watch out for hackers throwing vinegar on it to dissolve their way in.

    2. Re:Opsec by bhcompy · · Score: 1

      This is public information.

      And it's wrapped in limestone rather than granite, my bad.

  14. They know we can geolocate POTUS, right? by WillAffleckUW · · Score: 1

    Still.

    Fitness track that.

    --
    -- Tigger warning: This post may contain tiggers! --
  15. Oops Secrets Exposed by Anonymous Coward · · Score: 0

    Polar is the name of the company. What is funny is how many employees have death bed confessions.
    https://www.youtube.com/watch?v=6BRcp8yMU8Q

  16. Re:Hang Trump and fitness is assured by Anonymous Coward · · Score: 0

    I actually modded you +1 Underrated. I'm sure you'll be -1 again (probably before I hit submit).

    ....can go back to Russia, to help Putin raise Baron as his ugly treasonous daughter.

    Too funny :)

  17. dog-ate-my-programming-skills by epine · · Score: 1

    If Android didn't have its security model completely inside out and upside down, the rule from on high would be that military personnel on sensitive assignment aren't allowed to enable the gather-location API altogether.

    Then the apps would need to decide whether to limp along without those services available on that particular installation, or pull the chute with a feeble dog-ate-my-programming-skills excuse in the mold of "Javascript required" as if 90% of the site's functionality (99% of the site's useful functionality) didn't map onto static HTML with a straight-edge and compass.

    Because it's so much easier to screen every app you install, rather than just clicking one time on "keep my freaking address book private, all the damn time".

    1. Re:dog-ate-my-programming-skills by Anonymous Coward · · Score: 0

      Well, you see, if the military had the ability to turn off location on phones, then it would become known that it's possible to actually, you know, have a phone that doesn't track your location all the time. I mean, my phone, and Google, know a lot less about me than most peoples' do but that's because I'm an actual geek. You shouldn't have to be to have some degree of privacy.

      This all started with the stupid E-911 initiative that was a very thinly disguised regulation to enable the government and corporations to track everyone everywhere. In a way it's nice to see it bite the DoD in the ass. It'll be even nicer to see how they eventually solve the problem, because once phones are modified appropriately to suit their requirements, which is where this is going, people are going to demand the same thing.

    2. Re:dog-ate-my-programming-skills by Anonymous Coward · · Score: 0

      So this post should be fucking upvoted to 5.

  18. From the dept of Duhhhh by Anonymous Coward · · Score: 0

    No sh*t sherlock..

  19. Strava, not Polar by Anonymous Coward · · Score: 0

    It was the Strava incident that brought this problem into light.
    The Guardian article on Strava

  20. infidelity in relationship by Anonymous Coward · · Score: 0

    Hello everyone! I had seen so many recommendations on ENRIQUE so I contacted him to help me Clone my husband's cell phone and WhatsApp. Just like Magic, I got the files to get it done and I have access to my husband's phone. He was really efficient and I have access to everything including phone calls, logs, sms, surrounding and location. What I like about the job is that it cannot be traced back to me. I have this working for 3 months now. I am just another satisfied customers. Thanks to ENRIQUE LEWIS ,

    CONTACT:

    Email: enriquehackdemon11 @ g m a i l com

    Whatsapp no: +1 (628) 203-5 7 2 2

    Text no: +1 4 0 9 9 9 9 3 4 7 7 .

  21. Comment removed by account_deleted · · Score: 0

    Comment removed based on user account deletion

  22. Comment removed by account_deleted · · Score: 0

    Comment removed based on user account deletion