blog.pradeo.com
Open in
urlscan Pro
199.60.103.225
Public Scan
Submitted URL: https://hubs.ly/Q02WqrpM0?utm_campaign=Emailing&utm_source=hs_email&utm_medium=email&utm_content=331716848&_hsen...
Effective URL: https://blog.pradeo.com/strava-security-breach?utm_campaign=Emailing&utm_source=email&utm_medium=UK&utm_content=Strava
Submission: On October 31 via manual from IN — Scanned from US
Effective URL: https://blog.pradeo.com/strava-security-breach?utm_campaign=Emailing&utm_source=email&utm_medium=UK&utm_content=Strava
Submission: On October 31 via manual from IN — Scanned from US
Form analysis 2 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9
<form id="hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9"
class="hs-form-private hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9 hs-form-caf050a8-9ff7-4223-8e7a-0bad8656b2b9 hs-form-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_cf5c8bc2-3bc5-42e4-b2c7-19ff611eda93 hs-form stacked"
target="target_iframe_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900" data-instance-id="cf5c8bc2-3bc5-42e4-b2c7-19ff611eda93" data-form-id="caf050a8-9ff7-4223-8e7a-0bad8656b2b9" data-portal-id="2378615"
data-test-id="hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900" class="" placeholder="Enter your Email"
for="email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900"><span>Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900" name="email" required="" placeholder="Enter your email here" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_blog_default_hubspot_blog_subscription hs-blog_default_hubspot_blog_subscription hs-fieldtype-radio field hs-form-field" style="display: none;"><label
id="label-blog_default_hubspot_blog_subscription-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900" class="" placeholder="Enter your Notification Frequency"
for="blog_default_hubspot_blog_subscription-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900"><span>Notification Frequency</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="blog_default_hubspot_blog_subscription" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Subscribe"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1730398890350","formDefinitionUpdatedAt":"1697753353707","renderRawHtml":"true","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36","pageTitle":"Strava: When a Simple Fitness App Becomes a National Security Threat","pageUrl":"https://blog.pradeo.com/strava-security-breach?utm_campaign=Emailing&utm_source=email&utm_medium=UK&utm_content=Strava","pageId":"182154652168","urlParams":{"utm_campaign":"Emailing","utm_source":"email","utm_medium":"UK","utm_content":"Strava"},"isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://blog.pradeo.com/strava-security-breach","contentType":"blog-post","hutk":"19195fda3fc0259b8dffd8a265129ef7","__hsfp":1639347869,"__hssc":"104134431.1.1730398891115","__hstc":"104134431.19195fda3fc0259b8dffd8a265129ef7.1730398891115.1730398891115.1730398891115.1","formTarget":"#hs_form_target_module_159990330965303_blog_subscribe_900","formInstanceId":"900","pageName":"Strava: When a Simple Fitness App Becomes a National Security Threat","rumScriptExecuteTime":1004.8999996185303,"rumTotalRequestTime":1256.0999994277954,"rumTotalRenderTime":1318.8000001907349,"rumServiceResponseTime":251.19999980926514,"rumFormRenderTime":62.70000076293945,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1730398891126,"originalEmbedContext":{"portalId":"2378615","formId":"caf050a8-9ff7-4223-8e7a-0bad8656b2b9","region":"na1","target":"#hs_form_target_module_159990330965303_blog_subscribe_900","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"900","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"<span>Thank you for subscribing! We’ll keep you posted.</span>","isMobileResponsive":true,"pageName":"Strava: When a Simple Fitness App Becomes a National Security Threat","pageId":"182154652168","contentType":"blog-post","formData":{"cssClass":"hs-form stacked"},"isCMSModuleEmbed":true},"correlationId":"cf5c8bc2-3bc5-42e4-b2c7-19ff611eda93","renderedFieldsIds":["email","blog_default_hubspot_blog_subscription"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.6227","sourceName":"forms-embed","sourceVersion":"1.6227","sourceVersionMajor":"1","sourceVersionMinor":"6227","allPageIds":{"embedContextPageId":"182154652168","analyticsPageId":"182154652168","contentPageId":182154652168,"contentAnalyticsPageId":"182154652168"},"_debug_embedLogLines":[{"clientTimestamp":1730398890414,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"Strava: When a Simple Fitness App Becomes a National Security Threat\",\"pageUrl\":\"https://blog.pradeo.com/strava-security-breach?utm_campaign=Emailing&utm_source=email&utm_medium=UK&utm_content=Strava\",\"userAgent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36\",\"urlParams\":{\"utm_campaign\":\"Emailing\",\"utm_source\":\"email\",\"utm_medium\":\"UK\",\"utm_content\":\"Strava\"},\"pageId\":\"182154652168\",\"contentAnalyticsPageId\":\"182154652168\",\"contentPageId\":182154652168,\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1730398890416,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"US\""},{"clientTimestamp":1730398891122,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"19195fda3fc0259b8dffd8a265129ef7\",\"canonicalUrl\":\"https://blog.pradeo.com/strava-security-breach\",\"contentType\":\"blog-post\",\"pageId\":\"182154652168\"}"}]}"><iframe
name="target_iframe_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_900" style="display: none;"></iframe>
</form>POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9
<form id="hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2378615/caf050a8-9ff7-4223-8e7a-0bad8656b2b9"
class="hs-form-private hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9 hs-form-caf050a8-9ff7-4223-8e7a-0bad8656b2b9 hs-form-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_c3581661-99ae-4e2b-bdee-39cc4e9519ec hs-form stacked"
target="target_iframe_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848" data-instance-id="c3581661-99ae-4e2b-bdee-39cc4e9519ec" data-form-id="caf050a8-9ff7-4223-8e7a-0bad8656b2b9" data-portal-id="2378615"
data-test-id="hsForm_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848" class="" placeholder="Enter your Email"
for="email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848"><span>Email</span><span class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848" name="email" required="" placeholder="Enter your email here" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_blog_default_hubspot_blog_subscription hs-blog_default_hubspot_blog_subscription hs-fieldtype-radio field hs-form-field" style="display: none;"><label
id="label-blog_default_hubspot_blog_subscription-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848" class="" placeholder="Enter your Notification Frequency"
for="blog_default_hubspot_blog_subscription-caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848"><span>Notification Frequency</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="blog_default_hubspot_blog_subscription" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Subscribe"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1730398890513","formDefinitionUpdatedAt":"1697753353707","renderRawHtml":"true","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36","pageTitle":"Strava: When a Simple Fitness App Becomes a National Security Threat","pageUrl":"https://blog.pradeo.com/strava-security-breach?utm_campaign=Emailing&utm_source=email&utm_medium=UK&utm_content=Strava","pageId":"182154652168","urlParams":{"utm_campaign":"Emailing","utm_source":"email","utm_medium":"UK","utm_content":"Strava"},"isHubSpotCmsGeneratedPage":true,"canonicalUrl":"https://blog.pradeo.com/strava-security-breach","contentType":"blog-post","hutk":"19195fda3fc0259b8dffd8a265129ef7","__hsfp":1639347869,"__hssc":"104134431.1.1730398891115","__hstc":"104134431.19195fda3fc0259b8dffd8a265129ef7.1730398891115.1730398891115.1730398891115.1","formTarget":"#hs_form_target_module_160104611788712_6848","formInstanceId":"6848","pageName":"Strava: When a Simple Fitness App Becomes a National Security Threat","rumScriptExecuteTime":1004.8999996185303,"rumTotalRequestTime":1444.8000001907349,"rumTotalRenderTime":1469.8999996185303,"rumServiceResponseTime":439.9000005722046,"rumFormRenderTime":25.09999942779541,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1730398891607,"originalEmbedContext":{"portalId":"2378615","formId":"caf050a8-9ff7-4223-8e7a-0bad8656b2b9","region":"na1","target":"#hs_form_target_module_160104611788712_6848","isBuilder":false,"isTestPage":false,"isPreview":false,"formInstanceId":"6848","formsBaseUrl":"/_hcms/forms","css":"","inlineMessage":"<p style=\"text-align: center;\">Thanks for Subscribing!</p>","isMobileResponsive":true,"pageName":"Strava: When a Simple Fitness App Becomes a National Security Threat","pageId":"182154652168","contentType":"blog-post","formData":{"cssClass":"hs-form stacked"},"isCMSModuleEmbed":true},"correlationId":"c3581661-99ae-4e2b-bdee-39cc4e9519ec","renderedFieldsIds":["email","blog_default_hubspot_blog_subscription"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.6227","sourceName":"forms-embed","sourceVersion":"1.6227","sourceVersionMajor":"1","sourceVersionMinor":"6227","allPageIds":{"embedContextPageId":"182154652168","analyticsPageId":"182154652168","contentPageId":182154652168,"contentAnalyticsPageId":"182154652168"},"_debug_embedLogLines":[{"clientTimestamp":1730398890604,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"Strava: When a Simple Fitness App Becomes a National Security Threat\",\"pageUrl\":\"https://blog.pradeo.com/strava-security-breach?utm_campaign=Emailing&utm_source=email&utm_medium=UK&utm_content=Strava\",\"userAgent\":\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36\",\"urlParams\":{\"utm_campaign\":\"Emailing\",\"utm_source\":\"email\",\"utm_medium\":\"UK\",\"utm_content\":\"Strava\"},\"pageId\":\"182154652168\",\"contentAnalyticsPageId\":\"182154652168\",\"contentPageId\":182154652168,\"isHubSpotCmsGeneratedPage\":true}"},{"clientTimestamp":1730398890605,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"US\""},{"clientTimestamp":1730398891127,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"19195fda3fc0259b8dffd8a265129ef7\",\"canonicalUrl\":\"https://blog.pradeo.com/strava-security-breach\",\"contentType\":\"blog-post\",\"pageId\":\"182154652168\"}"}]}"><iframe
name="target_iframe_caf050a8-9ff7-4223-8e7a-0bad8656b2b9_6848" style="display: none;"></iframe>
</form>Text Content
This website stores cookies on your computer. These cookies are used to collect
information about how you interact with our website and allow us to remember
you. We use this information in order to improve and customize your browsing
experience and for analytics and metrics about our visitors both on this website
and other media. To find out more about the cookies we use, see our Privacy
Policy.
If you decline, your information won’t be tracked when you visit this website. A
single cookie will be used in your browser to remember your preference not to be
tracked.
Cookies settings
AcceptDecline
* Solutions
MOBILE DEVICE SECURITY
* Mobile Threat Defense
* Secure Private Store
MOBILE APPLICATION SECURITY
* Mobile Application Compliance Audit
* Runtime Application Self Protection
* Shielding
* Application Security Testing
* Use cases
* Cybersecurity in MDM/ UEM
* Securing mobile devices
* Securing Mobile Applications
* Malware / leakware protection
* Phishing protection
* Ensuring compliance for applications
* Ensuring compliance for mobile fleet
* Securing BYOD
* Become partner
* Resources
* Solution briefs
* Customer Cases
* Integration briefs
* White Papers
* Analyst reports & guides
* On demand webcast
* About us
* Blog
* Contact
* en
* FR
* DE
TOPICS
* Select a Topic
* All
* Mobile Security
* Mobile Application Security
* Cybersecurity
* Expertise
* Security Alert
* Partners
* Corporate
* News
* Events
* predictions
* Actualité
* cyberattack
STAY UP TO DATE
SUBSCRIBE TO OUR BLOG
STAY UP TO DATE
Email*
Notification Frequency
Security Alert
STRAVA: WHEN A SIMPLE FITNESS APP BECOMES A NATIONAL SECURITY THREAT
By Roxane Suau on October, 31 2024
The recent revelations by Le Monde, involving members of the security teams of
several heads of state, highlight a crucial issue in mobile security: how an
apparently harmless app like Strava can turn its users' privacy into an
exploitable vulnerability, threatening not only their safety but also that of
those around them.
The Stravaleaks case, published by Le Monde on October 27, 2024, demonstrates
how the use of the Strava app enabled journalists to predict the future
movements and meeting locations of political figures such as Presidents Emmanuel
Macron, Joe Biden, and Vladimir Putin.
This investigation shows that an app does not need to be designed with malicious
intent to pose a security risk, and that cybersecurity awareness has its limits.
RECREATIONAL APPS: A MAJOR THREAT IN A PROFESSIONAL CONTEXT
Strava, the popular fitness-tracking app, is not malicious. However, its model
is based on collecting and sharing location data, allowing users to track their
routes and interact with others. In an anonymous context, this usually has
minimal consequences. But when this data is identifiable, it reveals near
real-time movements, routines, strategies... When such information is linked to
high-ranking government officials, political figures, or other leaders or public
personalities, it exposes them to the risk of espionage, cyber and physical
attacks.
RAISING AWARENESS AMONG MOBILE USERS IS NOT ENOUGH TO ENSURE SECURITY
Despite awareness and training efforts, the understanding of risks related to
mobile use remains insufficient, even in the most exposed environments. While
heads of state and senior officials are often surrounded by sophisticated
security teams, the use of certain personal tools, such as health or
fitness-tracking apps, is still not perceived as a potential security threat. No
sector is immune, as mobile devices are still often mistakenly seen as
inherently secure by their users.
MOBILE DEVICES REQUIRE DEDICATED SECURITY TO CONTROL DATA DISCLOSURE
The Stravaleaks case raises a crucial question: how do we protect mobile user
data, especially when it is highly sensitive in a given context? The solution to
this problem lies in three key capabilities: identifying potential data access,
contextualizing it, and blocking it if it poses a threat.
At Pradeo, we understand that each user and usage context is unique. Pradeo's
mobile fleet protection solution offers contextual mobile security, adapting to
the realities of users and the confidentiality requirements of all sectors.
Thanks to behavioral analysis technologies, our solution identifies security
events occurring on mobile devices, including those triggered by applications.
It then cross-references them with the security requirements of each user
organization. By ensuring continuous and autonomous protection of mobile
devices, our solution enables organizations to maintain control over their data,
even when recreational apps are used in a professional context.
This recent news is just the latest example of a mobile security breach stemming
from an otherwise harmless app. It underscores the urgent need to strengthen
cybersecurity policies to cover all aspects of digital life, including mobile
device usage.
ABOUT THE AUTHOR
More from this author
ROXANE SUAU
RECOMMENDED ARTICLES
TEMU, WHAT TO TAKE AWAY FROM THIS NEW CONTROVERSY?
- November 9, 2023
SPYNOTE MALWARE NOW TARGETING BANKING APPLICATIONS
- October 5, 2023
POPULAR ARTICLES
* SMS OTP Authentication: Not As Safe As You May Think
* Two spyware tied with China found hiding on the Google Play Store
* New malware detected on Google Play, 100.000+ users affected
* Malicious app on Google Play drops banking malware on users’ devices
* Google Play app Peel Smart Remote leaks users' pictures
STAY UP TO DATE
Email*
Notification Frequency
RECENT ARTICLES
* Strava: When a Simple Fitness App Becomes a National Security Threat
* Pradeo recognized as a leader in Mobile Threat Defense solutions by
independent research firm
* This summer, Pradeo Security underwent a major transformation!
* Smartphones and tablets : An open door to ransomwares
* Analysis of a malware exploiting Android accessibility services
ARTICLES RÉCENTS
Strava: When a Simple Fitness App Becomes a National Security Threat
- 31 October, 2024
Pradeo recognized as a leader in Mobile Threat Defense solutions by independent
research firm
- 31 October, 2024
This summer, Pradeo Security underwent a major transformation!
- 31 October, 2024
Smartphones and tablets : An open door to ransomwares
- 31 October, 2024
Analysis of a malware exploiting Android accessibility services
- 31 October, 2024
TOPICS
* Mobile Security (52)
* Mobile Application Security (39)
* Cybersecurity (27)
* Expertise (27)
* Security Alert (23)
* Partners (21)
* Corporate (12)
* News (6)
* Events (4)
* predictions (2)
* Actualité (1)
* cyberattack (1)
see all
GET IN TOUCH WITH MOBILE SECURITY EXPERTS
Contact us
European leader in mobile security, Pradeo protects business mobile devices and
applications.
Read More
* Resources
* UEM security
* Use cases
* Data protection
* Contact us
* Mobile Threat Defense
* Mobile Application Security Testing
* In-App Protection
* Secure Private Store
* Mobile Threat Intelligence
contact@pradeo.com
Copyright @ 2022. All Right Reserved.
*
*
*