Tile Encryption Risks for Users
“`html
Tile Trackers Vulnerable to Stalking, Researchers Find
Table of Contents
Security flaws in Life360’s Tile Bluetooth trackers allow for easy location tracking by stalkers and potentially the company itself, raising serious privacy concerns.
Published: November 2,2023
The Vulnerabilities in Tile Trackers
Security researchers recently detailed a series of vulnerabilities and design flaws with Life360’s Tile Bluetooth trackers. These flaws make it remarkably easy for stalkers to track the location of Tile devices, and potentially allow Life360 itself to do so. This research, shared with Wired, highlights a significant privacy risk for Tile users.
Tile trackers are small bluetooth trackers, similar in function to apple’s AirTags, but operate on their own independent network. Unlike AirTags, which leverage Apple’s vast “Find My” network, Tile relies on its own user base to detect and report the location of lost or stolen items. This difference in network architecture contributes to the security vulnerabilities.
Concerns About Bluetooth Trackers: A History
The Electronic Frontier Foundation (EFF) has been raising concerns about the potential for misuse of Bluetooth trackers as their introduction. We’ve previously noted that these devices,while useful for finding lost items,can be easily exploited for malicious purposes,including stalking. The EFF provides guidance on how to detect and remove unwanted trackers.
The core issue lies in the ability to secretly attach a tracker to someone’s belongings – a car, a bag, or even directly to their person – and monitor their movements without their knowledge. This capability creates a significant power imbalance and can be used to harass, intimidate, and control individuals.
The detecting Unwanted location Trackers (DULT) Standard and Tile’s Response
The EFF has actively worked to improve the Detecting Unwanted Location Trackers (DULT) standard, which is used by Apple, Google, and Samsung. These companies have implemented incremental improvements to mitigate stalking risks. However, Tile has been slow to adopt these crucial security measures.
A fundamental aspect of the DULT standard is the rotation of a tracker’s MAC address.This makes it considerably harder for a third party to track a device over time. Additionally, encryption of transmitted data is essential to prevent eavesdropping and location interception. According to the researchers, Tile fails to implement either of these safeguards.
Tile devices *do* have a rotating ID, but because the MAC address remains