A serious flaw has been found in Tile trackers that allows the company and tech-savvy stalkers to track the whereabouts of their owners. What's more, the vulnerability allows attackers to pose as tracker owners as stalkers, making it appear that they are constantly near another person's tag, Wired reports.
Unlike other trackers, Tile devices transmit much more data, including a static MAC address and a changing identifier. Furthermore, this data is not encrypted, and while the identifier changes, the MAC address remains the same.
The researchers who discovered the vulnerability believe that all of this information is stored in the open, making it easy for hackers to obtain. It also theoretically allows Tile to track its users, although the company claims it cannot do so.
Another security concern is that anyone with a radio scanner could intercept the data as it was being transmitted. And even if Tile stopped transmitting MAC addresses, that wouldn't help, because the system generates variable identifiers so that future codes can be predicted from previous ones. Security experts say an attacker would only need to record a single message from the tracker. That makes system surveillance possible.
Experts from the Georgia Institute of Technology reached out to Tile's parent company, Life360, in November 2024, but the company stopped communicating with them in February 2025. Tile said it had made a number of improvements to its security, but did not provide further details.