Public Strava Activity Exposes French Aircraft Carrier Charles de Gaulle Location in the Mediterranean
What Happened – A French Navy officer uploaded a public Strava workout recorded on a smartwatch while running on the deck of the aircraft carrier Charles de Gaulle. The activity map showed the ship’s exact position in the Mediterranean, allowing anyone to track its movements in near‑real time.
Why It Matters for TPRM –
- Operational‑security lapses can reveal sensitive location data of critical assets, increasing geopolitical risk.
- Third‑party vendors (e.g., fitness‑app providers) can become inadvertent vectors for intelligence leakage.
- Similar OPSEC failures have exposed bases worldwide, underscoring the need for strict data‑handling policies for personnel.
Who Is Affected – Defense and government agencies, NATO partners, and any organization relying on the carrier for strategic operations.
Recommended Actions –
- Review and enforce policies restricting public sharing of location‑related data by personnel.
- Mandate privacy‑by‑design settings on all personal devices.
- Conduct OPSEC training focused on consumer app risks.
- Assess third‑party app contracts for data‑exposure safeguards.
Technical Notes – The exposure stemmed from a privacy misconfiguration (a public profile) on the Strava fitness platform. No vulnerability in the carrier’s systems was exploited; the risk originated from user‑generated metadata.
Source: SecurityAffairs