Busting GPS Exercise Data Out Of Its Garmin-controlled IoT Prison

If you take to the outdoors for your exercise, rather than walking the Sisyphusian stair machine, it’s nice to grab some GPS-packed electronics to quantify your workout. [Bunnie Huang] enjoys paddling the outrigger canoe through the Singapore Strait and recently figured out how to unpack and visualize GPS data from his own Garmin watch.

By now you’ve likely heard that Garmin’s systems were down due to a ransomware attack last Thursday, July 23rd. On the one hand, it’s a minor inconvenience to not be able to see your workout visualized because of the system outage. On the other hand, the services have a lot of your personal data: dates, locations, and biometrics like heart rate. [Bunnie] looked around to see if he could unpack the data stored on his Garmin watch without pledging his privacy to computers in the sky.

Obviously this isn’t [Bunnie’s] first rodeo, but in the end you don’t need to be a 1337 haxor to pull this one off. An Open Source program called GPSBabel lets you convert proprietary data formats from a hundred or so different GPS receivers into .GPX files that are then easy to work with. From there he whipped up less than 200 lines of Python to plot the GPS data on a map and display it as a webpage. The key libraries at work here are Folium which provides the pretty browsable map data, and Matplotlib to plot the data.

These IoT devices are by all accounts amazing, listening for satellite pings to show us how far and how fast we’ve gone on web-based interfaces that are sharable, searchable, and any number of other good things ending in “able”. But the flip side is that you may not be the only person seeing the data. Two years ago Strava exposed military locations because of an opt-out policy for public data sharing of exercise trackers. Now Garmin says they don’t have any indications that data was stolen in the ransomware attack, but it’s not a stretch to think there was a potential there for such a data breach. It’s nice to see there are Open Source options for those who want access to exercise analytics and visualizations without being required to first hand over the data.

Make XKCD-Style Plots From Python

[Randall Munroe] certainly understands the power of graphical representation of data. The humorous plots in his xkcd webcomic are one of the favorite parts for many readers. Their distinctive, Tufteian style delivers the information – in this case, a punch line – without excessive decoration. To be honest, we can’t get enough of them. A recent reddit thread reminded us that you can generate a similar look for your own data (humorous or otherwise) in Python using Matplotlib.

If you already have a plot generated with Matplotlib, activating xkcd-mode is as simple as calling a method on the pyplot object:

matplotlib.pyplot.xkcd()

The documentation recommends that you install the “Humor Sans” font for best effect. On one of our linux boxes, we were able to do this with a simple:

sudo apt-get install fonts-humor-sans

There will undoubtedly be similar incantations for other operating systems. It’s really that simple. In fact, the featured image above was generated with this minimal script:

#!/usr/bin/env python3

import numpy as np
import matplotlib.pyplot as plt

x = np.linspace(0, 1, 100)
y = (x > 0.5) * (x - 0.5)

plt.xkcd(scale=5, length=400)
plt.xticks([])
plt.yticks([])
plt.ylabel('Downloads of "humor sans" font')
plt.text(0, 0.25, 'Article on xkcd() published')
plt.plot(x, y)
plt.plot([0.3, 0.475], [0.2, 0.025], 'black')
plt.gca().set_aspect(2*9/16)
plt.savefig('xkcd_plot.png', dpi=300)

Beyond generating humorous graphs for those with little artistic talent, these plots can also be used instead of hand-drawn sketches to indicate a simple model or expected result. The comic look of the plots conveys the idea that they don’t represent actual data, perhaps only a concept. We saw this done at one of the talks at the Hackaday SuperConference 2018.

We’ve also covered some of the xkcd comics before, such as when they subtly dissed Arduino back in 2010, before that was cool.