
Merde! Macron's bodyguards reveal his location by sharing Strava data

It's not just the French president, Biden and Putin also reportedly trackable


The French equivalent of the US Secret Service may have been letting their guard down, as an investigation showed they are easily trackable via the fitness app Strava.

An investigation by Le Monde has shown that members of the Security Group for the Presidency of the Republic (GSPR) have been openly displaying their location on the popular software during their workout sessions. Since they travel with President Emmanuel Macron, his whereabouts can be worked out from theirs. A dozen of his bodyguards were leaking key information this way.

"Macron's security guards record and publish their runs on the platform. But there's a problem: They are sharing geolocalized information publicly," the newspaper reports.

"In other words, Macron's bodyguards are unknowingly sharing their locations online, both personal and professional. This security flaw means it's possible to track the French president's bodyguards; that is, Macron's hotels, meeting rooms and trips can be tracked through this app."
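The inference Le Monde describes is a simple co-location analysis: take the public, geotagged activities of accounts known to belong to a protective detail, and look for days on which several of them train in the same place. Because the detail moves with the principal, those clusters are the principal's itinerary. The following script is an added example written for this page, not code from Le Monde or from Strava; the account names, timestamps and coordinates are constructed for illustration, and the five-kilometre radius and the three-account threshold are arbitrary tuning assumptions. It also shows the defensive side of the same data: activities marked private never reach the analysis, so a day on which only one guard left a run public yields nothing.

```python
"""Co-location analysis over public fitness activities (added example).

Input: a list of activities (account, start time, start coordinates,
visibility) for accounts assumed to belong to one protective detail.
Output: days and places where several of those accounts worked out
together, i.e. the inferred itinerary of the person they protect.
All records below are constructed; the coordinates are rough city centres.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Activity:
    account: str
    start: datetime
    lat: float
    lon: float
    public: bool = True  # only public activities are visible to an outsider


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    h = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def colocations(activities, radius_km=5.0, min_accounts=3):
    """Return [(date, (lat, lon), frozenset(accounts))] for every day on which
    at least min_accounts distinct accounts started a public activity within
    radius_km of each other. Private activities are dropped first, exactly as
    they would be invisible to someone scraping the platform."""
    by_day = defaultdict(list)
    for act in activities:
        if act.public:
            by_day[act.start.date()].append(act)

    found = []
    for day, acts in sorted(by_day.items()):
        clusters = []  # [seed_activity, set_of_accounts]
        for act in acts:
            for seed, accounts in clusters:
                if haversine_km(act.lat, act.lon, seed.lat, seed.lon) <= radius_km:
                    accounts.add(act.account)
                    break
            else:
                clusters.append([act, {act.account}])
        for seed, accounts in clusters:
            if len(accounts) >= min_accounts:
                found.append((day, (seed.lat, seed.lon), frozenset(accounts)))
    return found


def exposed_accounts(activities, **kwargs):
    """Accounts whose public activities contributed to at least one inferred
    co-location; these are the users whose privacy settings need fixing."""
    exposed = set()
    for _day, _where, accounts in colocations(activities, **kwargs):
        exposed |= accounts
    return exposed


# Constructed sample: four hypothetical detail members over three days.
SAMPLE = [
    # Day 1: all four train near the same spot in Paris.
    Activity("gspr_a", datetime(2024, 10, 21, 6, 30), 48.870, 2.317),
    Activity("gspr_b", datetime(2024, 10, 21, 6, 45), 48.872, 2.320),
    Activity("gspr_c", datetime(2024, 10, 21, 7, 0), 48.868, 2.312),
    Activity("gspr_d", datetime(2024, 10, 21, 7, 10), 48.860, 2.350),
    # Day 2: three of them run in Brussels; the fourth stayed in Paris.
    Activity("gspr_a", datetime(2024, 10, 22, 6, 0), 50.850, 4.350),
    Activity("gspr_b", datetime(2024, 10, 22, 6, 15), 50.855, 4.360),
    Activity("gspr_c", datetime(2024, 10, 22, 6, 20), 50.845, 4.340),
    Activity("gspr_d", datetime(2024, 10, 22, 18, 0), 48.865, 2.330),
    # Day 3: three run in Lyon, but two set their activities to private,
    # so an outside observer sees only one run and learns nothing.
    Activity("gspr_a", datetime(2024, 10, 23, 7, 0), 45.764, 4.835),
    Activity("gspr_b", datetime(2024, 10, 23, 7, 5), 45.760, 4.840, public=False),
    Activity("gspr_c", datetime(2024, 10, 23, 7, 10), 45.766, 4.830, public=False),
]

if __name__ == "__main__":
    for day, (lat, lon), accounts in colocations(SAMPLE):
        print(f"{day}: detail at ({lat:.3f}, {lon:.3f}) via {sorted(accounts)}")
    print("accounts to lock down:", sorted(exposed_accounts(SAMPLE)))
```

Run as-is, the script reports the Paris and Brussels days and nothing for Lyon. The point for defenders is in that third day: the analysis needs several public records to work, so making activities private (or disabling activity maps) for even part of the detail removes the signal, whereas relying on users to remember to hide each run does not.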

More disclosures are promised later, but it appears that both President Biden and Russia's Vladimir Putin are also vulnerable to this kind of tracking. In the latter case, it would be interesting if someone - say a Ukrainian drone operator - got hold of such information.

This isn't the first time Strava users have been caught leaking information in this way. In 2018, the US military ordered a review of soldiers' use of the app after an analysis of the data it generated revealed the location of secretive American and Australian military bases.

Both cases come down to Strava's privacy defaults. Users can choose to keep their location private, but the app publishes activity maps by default, and the 2018 Global Heatmap was aggregated from exactly that kind of public activity. It appears GSPR members may be more interested in showing off their fitness prowess than in securing their data, even after years of examples of why this is a really bad idea.

Other workout software has fared no better. Fitness app Polar was caught exposing similar information, which prompted a sweeping review of its operations and tighter privacy defaults in the software, but only after journalists showed that it had been openly publishing years of its users' movements.

Some Strava users share their data deliberately, however, and can be quite artistic about it. In 2021 Aussie cyclist Peter Stokes pedaled over 150km around Adelaide to trace out the outline of the baby on the cover of Nirvana's classic Nevermind album.

Hopefully, French bodyguards will put "Something in the Way" of further data disclosures. ®
