Tile trackers, used to locate everything from lost keys to stolen pets, are used by more than 88 million people worldwide, according to Tile’s parent company, Life360. But researchers who examined the tracking technology have found design flaws that would let stalkers—or potentially the manufacturer itself—track the location of Tile users and their devices, contrary to claims the company has made about the security and privacy of its devices.
The researchers—Akshaya Kumar, Anna Raymaker, and Michael Specter of Georgia Institute of Technology—found that each tag broadcasts an unencrypted MAC address and unique ID that can be picked up by other Bluetooth devices or radio-frequency antennas in a tag’s vicinity to track the movements of the tag and its owner. The location of a tag, its MAC address, and unique ID also get sent unencrypted to Tile’s servers, where the researchers believe this information is stored in cleartext, giving Tile the ability to track the location of tags and their owners, even though the company claims it does not have this capability.
The researchers say this would give Tile the ability to conduct “mass surveillance” on its users and potentially provide that information to law enforcement and others.
The researchers also found that Tile’s anti-stalking protection can be easily undermined if a stalker enables an anti-theft feature that Tile offers with its tags. Additionally, someone could falsely frame a Tile owner for stalking by recording the unencrypted broadcasts their Tile device makes and replaying these broadcasts in the vicinity of another Tile user, making it seem like the former is stalking the latter.
The researchers reported their findings to Tile’s parent company, Life360, last November, but they say the company stopped communicating with them in February. WIRED sent Life360 an email asking for a response to the issues raised by the researchers, but a spokesperson sent a reply that did not explicitly address the problems. The email said only that the company had “made a number of improvements” since receiving the researchers’ report, without specifying what those were.
Tile sells stand-alone tags, but its tracking technology is also embedded in laptops, headphones, smartwatches, and other products made by companies like Dell, Bose, and Fitbit. The researchers reverse engineered Tile’s protocol and Android mobile app used with the Tile Mate, the company’s most popular tracker tag. They say their findings may not apply to other models of Tile tags or the Tile technology used in products made by third parties.
How Tile Tags Work
Tile trackers operate similarly to tracking tags made by Apple, Google, and Samsung. But Tile’s system differs in important ways. Like the others, Tile tags are battery-powered and use Bluetooth to broadcast their location to a user’s phone. Users can slip a tag into a briefcase, luggage, or vehicle, or attach it to keys, a phone, laptop, or even a pet collar to track the location of these items.
Each Tile tag broadcasts the tag’s MAC address and a unique ID, which changes periodically. If an item paired with the tag goes missing the owner, using their Tile app, can instruct the tag to emit a sound to locate it. For items farther away, the system relies on the network of phones belonging to other Tile users. These also pick up the broadcast of any Tile device near them. And since 2021, Ring cameras, Echo devices, and Tile tags have been integrated into Amazon’s Sidewalk network, meaning Ring and Echo devices can pick up the location of Tile tags as well.
Disclaimer: This news has been automatically collected from the source link above. Our website does not create, edit, or publish the content. All information, statements, and opinions expressed belong solely to the original publisher. We are not responsible or liable for the accuracy, reliability, or completeness of any news, nor for any statements, views, or claims made in the content. All rights remain with the respective source.