[APPLICATION] Security breaches in the Polar Flow application: military locations revealed

    The Polar Flow sports application would have revealed the locations of military and government sites considered as “sensitive”. The investigative journalists’ collective «Bellingcat» and the Dutch media «De Correspondent» spotted this flaw. The application collects data that passes over the connected bracelets and thus reveals the location of users.

Thanks to Explore, the public map available on Polar Flow, journalists were able to access various data such as “military base addresses, nuclear production plants, embassies, intelligence agencies”. More than 200 sensitive sites have been discovered. The journalists’ survey was based on profiles of 6460 users of the application in 69 countries out of 650,000 exercise sessions. According to this data collection, they were able to identify the profiles of soldiers and other important personalities working for the NSA, the White House or for the MI6…The application has also helped locate the movements and activities of soldiers currently fighting ISIS in Iraq.

In addition, journalists also noted breaches regarding the protection of private data concerning users who created an account before August 2017. All-important data are stored on the application (photos, starting point…). After this revelation, Polar decided to suspend the Explore feature. However, the company claimed “that it has not disclosed any data and that there has been no violation of private data”. It also reminded its users to use the private mode.