{“lastseen”:”2025-09-30T18:11:37″,”description”:”Researchers at the Georgia Institute of Technology scrutinized the security of the popular Tile tracker and came out disappointed.\\n\\nBluetooth trackers are a steadily growing market, and Life360 is one of the major players. In 2021, Amazon expanded its Sidewalk network to include Tile. That means Ring cameras and Echo devices can act as relays, picking up the location of Tile trackers and phones running the Tile app.\\n\\nReportedly, some 88 million Tile trackers are in use worldwide, but researchers reported that Tile trackers were not as safe as they hoped. The major problem the researchers found is that the trackers broadcast an unencrypted, static MAC address and unique ID. To allow users to find their wallet or lost items, other Bluetooth devices or radio-frequency antennas in a tracker’s vicinity can pick up these signals to follow the movements of the tracker.\\n\\nThat\u2019s the whole point, you\u2019d think. But let me clarify what\u2019s wrong with this method. \\n\\nOther trackers don\u2019t broadcast their actual MAC address. Instead, they send out a temporary ID based on it, which makes long-term tracking harder. Tile does things differently: while it rotates the unique ID, it still transmits the same MAC address. Researchers also found the rotating ID generation was weak and could allow continuous tracking.\\n\\nThe receiver then sends the tracker’s location, MAC address, and unique ID to a server without encryption. The researchers believed the server stored this information in cleartext, which would mean Life360 could continuously monitor the location of trackers and their owners who have the app installed.\\n\\nAs one of the researchers put it while warning about the dangers:\\n\\n\\u003e \u201cAn attacker only needs to record one message from the device \u2026 to fingerprint it for the rest of its lifetime.\u201d\\n\\nThis could pose a major problem in case of a breach or if your tracker was caught in a mass scan. In other tracker systems, the information about the location of a tag is decrypted by using a key only available on the user\u2019s phone, so only the owner can see this information.\\n\\nAnother issue is Tile’s anti-stalking feature. After concerns were raised about the ability to stalk persons with these trackers, most manufacturers added automatic alerts that warn the user if a tracker that is not theirs is following them around.\\n\\nWith Tile, the app doesn\u2019t scan in the background\u2014the user has to start the scan manually. Even then, it only works if the user keeps moving around for 10 minutes.\\n\\nThis behavior could be due to a feature that Tile offers and others don\u2019t: anti-theft mode. Tile users have the ability to make their trackers invisible to others, so would-be thieves can\u2019t scan an area to see if there are any items with a Tile in the vicinity.\\n\\nBut stalkers could abuse the same feature. They would still see the tag\u2019s location, while the victim\u2019s scan would not detect it, leaving them unaware of a rogue device.\\n\\nTo enable Anti-Theft Mode, Tile requires a government-issued ID, a live photo of the user, and agreement to a $1 million fine if convicted of stalking. While this could deter some abusers, researchers note it isn\u2019t clear whether the penalty is enforceable.\\n\\nThe researchers concluded that many of the problems they found with Tile trackers could be solved by encrypting the signals it broadcasts, and they didn\u2019t understand why the company apparently hadn\u2019t followed the example of its competitors.\\n\\nThat sounds easier than it might be though. In February 2025, researchers found a way to track any Bluetooth device using nRootTag vulnerability in the \\”Find My\\” network. Apple has a partial fix out, but full protection may take years. This shows that a redesign from (almost) scratch could be a lengthy and costly process.\\n\\nIn a statement to The Verge, a spokesperson for Life360 said the company had \u201cmade a number of improvements\u201d since researchers reported the issue last November, although didn’t provide any details about the fixes. From the statement:\\n\\n\\u003e Using a Tile to track someone\u2019s location without their knowledge is never okay and is against our terms of service.\\n\\nTo help you find the main differences between Tile and other trackers, we constructed this overview.\\n\\n**Features**| **Tile**| **Others** \\n—|—|— \\nStatic MAC address| Uses static MAC addresses, enabling persistent tracking by anyone nearby.| Uses rotating MAC addresses that change frequently to prevent tracking. \\nData transmission| Broadcasts unique IDs and device data unencrypted via Bluetooth, which is easily intercepted.| Uses encrypted communication with nearby devices, protecting data in transit. \\nData storage| Stores location and device data unencrypted on own servers, making it vulnerable to breaches.| Stores encrypted data on servers, reducing risk from breaches. \\nDetection of unwanted trackers| Requires users to manually scan with Tile app\u2019s Scan and Secure feature, which is less intuitive.| Automatically alerts users of unknown trackers traveling with them and provides disabling them. \\nAnti-theft feature| Offers \u201canti-theft mode,\u201d which hides trackers from detection scans, but which makes automatic stalking alerts ineffective.| No equivalent feature. \\n \\n* * *\\n\\n**We don ‘t just report on privacy\u2014we offer you the option to use it.**\\n\\nPrivacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.”,”published”:”2025-09-30T15:46:48″,”modified”:”2025-09-30T15:46:48″,”type”:”malwarebytes”,”title”:”Tile trackers plagued by weak security, researchers warn”,”source”:””,”references”:””,”id”:”MALWAREBYTES:3407D288B0F16D12AEFF0ADCD983E9FF”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/09\/tile-trackers-plagued-by-weak-security-researchers-warn”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-30T18:11:37″,”description”:”Researchers at the Georgia Institute of Technology scrutinized the security of the popular Tile tracker and came out disappointed.\\n\\nBluetooth trackers are a steadily growing market,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-19725","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n