Critical Assets Location revealed through Fitness App Data

Fitness app data insights reveal the locations of vessels and offshore platforms.


The blending of technology and everyday life has brought both convenience and risks. Fitness apps have become a popular tool for individuals seeking to track their physical activities and monitor their progress. However, the integration of location tracking features in these apps can inadvertently lead to cybersecurity risks, especially when it involves revealing the locations of vessels and offshore platforms.

Location tracking has become a common feature in fitness apps, allowing users to map their routes, monitor distances, and track their fitness accomplishments. While this feature can be beneficial for personal health and fitness goals, it becomes a cause for concern when applied to industries involving vessels and offshore platforms.



Understanding AIS on Marine Vessels


The automatic identification system, or AIS, shares a known set of information (vessel location, speed, heading, draught, etc.) with nearby vessels and, via Marine Traffic, with anyone who has an internet connection. Company security officers and captains can plan for this continual dissemination of information. As per SOLAS Chapter V, annex 17, the AIS may only be switched off “if the master believes that the continual operation of AIS might compromise the safety or security of his/her ship.”

AIS information release is consistent and planned for, but increasingly, especially as broadband becomes available at sea, the mobile phones carried by seafarers may be releasing sensitive information without any awareness, planning or oversight.


Understanding the concern


At the end of 2017, Strava, a mobile app used to track athletic activity, released a global heatmap showing the “anonymised” movement patterns of all app users who do not select the option to keep their data private. Among these app users are seafarers and people working on offshore platforms who likely do not realise how publicly they are sharing their location.

In a crowded city, anonymising the data is effective because there are so many people in the area that it is virtually impossible to identify the movement patterns of any individual. However, as there are relatively few app users at sea (or in other remote areas) it becomes possible to follow the movement patterns of just one app user.

Don’t be too alarmed. Because assets in our industry tend to move around and because the heatmap includes all data from 2009 to September 2017, the security implications for our industry are probably not as serious as they at first appear, but it is still a good reminder that our apps often share far more information about us than we realise.


Screenshot from the fitness tracking website shows location of critical assets.



Mitigation Strategies


  1. User Awareness: App users should be educated about the potential risks of sharing location data and understand the implications of revealing vessel and offshore platform locations.
  2. Privacy Controls: Fitness apps should offer robust privacy controls that allow users to choose who can access their location data. Additionally, the option to blur or obfuscate certain areas on maps could be implemented.
  3. Anonymization: Fitness app developers can implement anonymization techniques that aggregate location data in a way that prevents the identification of specific vessels or platforms.
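
The sparse-area problem described earlier and the aggregation approach in item 3 can be shown together. The following is an added example, not code from Strava or from this article; the grid size, the threshold k, the function names and the sample points are all assumptions constructed for illustration. It publishes a heatmap cell only when enough distinct users contributed to it, which is the check that a raw point count misses.

```python
from collections import defaultdict

CELL_DEG = 0.01  # assumed grid size in degrees (roughly 1 km of latitude)
K_MIN = 5        # assumed minimum number of distinct users per published cell


def cell_of(lat, lon, cell_deg=CELL_DEG):
    """Snap a coordinate to the integer index of its grid cell."""
    return (int(lat // cell_deg), int(lon // cell_deg))


def build_heatmap(points, k_min=K_MIN, cell_deg=CELL_DEG):
    """Aggregate (user_id, lat, lon) points into a k-thresholded heatmap.

    Returns (published, suppressed). published maps cell -> point count for
    cells visited by at least k_min distinct users; suppressed lists the
    cells withheld because too few users contributed to them.
    """
    users = defaultdict(set)
    counts = defaultdict(int)
    for user_id, lat, lon in points:
        cell = cell_of(lat, lon, cell_deg)
        users[cell].add(user_id)
        counts[cell] += 1
    published = {c: n for c, n in counts.items() if len(users[c]) >= k_min}
    suppressed = sorted(c for c in counts if len(users[c]) < k_min)
    return published, suppressed


def sample_points():
    """Constructed sample data: a busy city park and one offshore user."""
    pts = []
    for u in range(8):            # eight users, three points each, one cell
        for i in range(3):
            pts.append((f"city-{u}", 51.5074 + 0.0001 * i, -0.1278 + 0.0001 * u))
    for i in range(40):           # one crew member running laps on a deck
        pts.append(("crew-1", 57.0012 + 0.00001 * (i % 5), 2.0034))
    return pts


if __name__ == "__main__":
    published, suppressed = build_heatmap(sample_points())
    print("published cells:", published)
    print("suppressed cells:", suppressed)
```

In the constructed data the offshore cell holds more points (40) than the city cell (24), so a threshold on heat intensity alone would still publish it; counting distinct users is what withholds it.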

Conclusion


In our modern world, it is impractical to expect people not to use mobile devices. Even if they are completely banned on board, it is likely that people will continue to use them. Instead of trying to restrict use, we must focus on educating people about their privacy choices. Privacy options available on almost all apps can make a big difference.




About the Author

Ruben George