Running a Marathon Without Breaking a Sweat? Forensic Manipulation of Fitness App Data

ShmooCon XIV - 2018

Presented by: Mika Devonshire
Date: Friday January 19, 2018
Time: 18:00 - 18:20
Location: Main Room
Track: One Track Mind

Hardcore athletes and wannabes alike use the Strava app to track their runs, bikes, swims, and more. Most athletes compete, nay, fight to the death for the top “leaderboard” spot on a given segment of a run. Want to be the fastest down the Mall? Want to outpace professional marathon runners in the Marine Corps Marathon? Without ever tying your shoelaces?

Let me show you the hacker’s way up the leaderboard. By examining and manipulating the GPX file format, scraping and inserting geolocation data, and using good old command-line utilities, I will show you how to craft a Gold Medal performance — and make you the envy of all the “elite” runners around you. This talk highlights the absence of data validation in the file upload feature of mainstream fitness tracking tools, and opens the floor to a broader discussion of expectations, reality, competition, and fraud.

Mika Devonshire

Mika Devonshire (@cybermeeks) is an offensive cyber systems engineer at BAE Systems. Prior to BAE, Ms. Devonshire served on the internal security team at Silent Circle, a Swiss-owned encrypted communications firm, and as Product Manager of a mobile authentication app at MicroStrategy. Ms. Devonshire holds a Master's in Digital Forensics from George Washington University and a Bachelor's in Comparative Literature from Princeton. She holds several certifications, including Network+, Security+, and CEH, and is currently pursuing her OSCP.

