Vulnerability in Tile Trackers

Researchers have discovered that Tile’s Bluetooth trackers send their unique IDs and MAC addresses in clear text. Unlike other manufacturers that regularly rotate these identifiers, Tile only changes the unique ID, leaving the MAC address constant. This means that once an attacker records a single transmission, they can associate that MAC address with a specific tag for its entire lifespan.
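The following is an added example, not code from the article or the researchers' report: a rotation audit a device tester could run over a lab capture of a tag's own advertisements to check whether its identifiers stay linkable in the way described above. The log format, addresses, IDs and the 15-minute threshold are constructed assumptions.

```python
from collections import defaultdict

# Assumed policy for this example only (not a Tile or Bluetooth SIG value):
# an advertiser address should not stay in use longer than 15 minutes.
MAX_LIFETIME_S = 15 * 60

# Constructed capture log: (time_s, advertiser_address, payload_id).
SAMPLE = [
    # Tag A: behaviour the article describes (ID rotates, address does not).
    (0, "c0:ff:ee:00:00:01", "a1"),
    (900, "c0:ff:ee:00:00:01", "a2"),
    (1800, "c0:ff:ee:00:00:01", "a3"),
    # Tag B: address and ID rotate together.
    (0, "4a:00:00:00:00:01", "b1"),
    (600, "4a:00:00:00:00:01", "b1"),
    (900, "5b:00:00:00:00:02", "b2"),
    (1500, "5b:00:00:00:00:02", "b2"),
    # Tag C: address rotates but the payload ID does not.
    (0, "6c:00:00:00:00:01", "c1"),
    (900, "7d:00:00:00:00:02", "c1"),
]

def audit_rotation(observations, max_lifetime_s=MAX_LIFETIME_S):
    """Return {identifier: [findings]} for identifiers that remain linkable."""
    by_addr, by_id = defaultdict(list), defaultdict(set)
    for t, addr, pid in observations:
        by_addr[addr].append((t, pid))
        by_id[pid].add(addr)

    findings = defaultdict(list)
    for addr, seen in by_addr.items():
        times = [t for t, _ in seen]
        lifetime = max(times) - min(times)
        ids = {pid for _, pid in seen}
        if lifetime > max_lifetime_s:
            findings[addr].append(f"address unchanged for {lifetime}s")
            if len(ids) > 1:
                # Rotating the ID gives no privacy if the address ties them together.
                findings[addr].append(f"{len(ids)} rotating IDs linked by constant address")
    for pid, addrs in by_id.items():
        if len(addrs) > 1:
            # The reverse failure: a fixed ID ties rotating addresses together.
            findings[pid].append(f"{len(addrs)} rotating addresses linked by constant ID")
    return dict(findings)

if __name__ == "__main__":
    for ident, notes in audit_rotation(SAMPLE).items():
        print(ident, "->", "; ".join(notes))
```

Only tag B passes: rotation protects the holder only when every identifier in the advertisement changes at the same moment.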

Potential for Stalking

The unencrypted data can be captured with ordinary Bluetooth‑enabled devices or an antenna, allowing a malicious actor to monitor the movements of a person carrying the tag. The researchers note that this flaw could be exploited to track victims without their knowledge, raising significant privacy and safety concerns.

Anti‑Theft Mode Limitations

Tile’s anti‑theft mode, marketed as a way to make a tracker “invisible” on the network, does not prevent the underlying identifier leakage. The feature requires users to provide a photo ID and agree to a potential fine of $1 million for misuse, but it does not stop a determined stalker from capturing the tag’s signal before the mode is activated.

Expert Commentary

Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, has long warned about the risks of Bluetooth trackers. She emphasized that rotating MAC addresses and encrypting transmissions are basic best practices that Tile fails to implement.

Tile’s Response

Life360, the parent company of Tile, issued a statement saying it has made a number of improvements since the researchers reported the issue. The company highlighted its participation in the HackerOne bug‑bounty program and its commitment to collaborating with law enforcement in cases of alleged misuse.

Academic Investigation

The vulnerability was identified by Akshaya Kumar, Anna Raymaker, and Michael Specter of the Georgia Institute of Technology, who reverse‑engineered the Tile app to expose the flaw. Their findings were published in a detailed report that compares Tile’s security practices with those of competitors such as Apple’s AirTags and Samsung’s SmartTags.

Implications for the Industry

This discovery adds pressure on the broader Bluetooth‑tracker market to adopt stronger encryption and identifier‑rotation standards. It also underscores the need for users to be aware of the privacy risks associated with personal tracking devices.

This article was written with the assistance of AI.