Overview

• Georgia Tech researchers report that Tile trackers broadcast a rotating ID and a static MAC address in plaintext, and the rotating IDs can be predicted from a single capture.
• The weaknesses allow persistent fingerprinting and long-term tracking by anyone using common RF or Bluetooth sniffing tools.
• Attackers can replay captured identifiers in a different place, making it appear in scans and server records that a tag was near someone who never encountered it.
• Tile’s anti-theft mode hides trackers from user detection scans, undermining protections intended to warn people of unwanted tracking.
• Researchers say tags’ location, MAC, and unique ID are sent to Tile’s servers unencrypted and likely stored in cleartext, while Life360 says only that it has made unspecified improvements since the November 2024 disclosure.