Tile Trackers Found to Have Unencrypted Data Vulnerability

Security Flaw Details

Researchers affiliated with the Georgia Institute of Technology identified a significant security weakness in Tile tracking tags. The devices broadcast both a static MAC address and a rotating identifier during normal operation. According to the investigators, none of this information is encrypted, meaning the data is sent in cleartext and can be captured by any radio‑frequency scanner.

The rotating ID changes frequently, but the MAC address remains constant. Because the MAC address is not concealed, an attacker can record a single transmission and use it to “fingerprint” the tag for the rest of its lifespan. This capability could allow systematic surveillance of a tag’s location over time.

Potential Impacts

The unencrypted broadcast creates multiple privacy concerns. First, the company itself could theoretically track users, although Tile’s parent, Life360, asserts it lacks that capability. Second, malicious actors could intercept the data and use it to monitor individuals, potentially facilitating stalking. The researchers warned that the flaw could also enable false accusations, as an attacker might make it appear that a particular Tile tag is constantly near another person’s device.

Because the data is unprotected, anyone equipped with a simple RF scanner can capture the information, expanding the attack surface beyond sophisticated hackers to a broader range of potential perpetrators.

Company Response

The research team reached out to Life360 in November to disclose the vulnerability. Communication reportedly halted in February, after which the company announced it had made “a number of improvements to its security,” though it did not provide specific details about the changes. No further dialogue between the researchers and Life360 was documented.

Life360’s statement suggests that the company recognized the issue and took steps to address it, but the lack of transparency leaves questions about the effectiveness of the mitigations.

Broader Context

This discovery highlights ongoing challenges in the Internet of Things (IoT) space, where many consumer devices prioritize convenience over robust security. The Tile case underscores the importance of encrypting all transmitted data, especially identifiers that can be linked to physical locations.

As more users adopt Bluetooth‑based trackers for personal items, the industry may face increased scrutiny regarding privacy protections and the need for secure design practices.

Este artículo fue escrito con la asistencia de IA.
News Factory SEO te ayuda a automatizar contenido de noticias para tu sitio.