Tile is considered a practical tool for finding lost items. The small Bluetooth tags can be used to locate keys, bags, or backpacks. But new research shows that this very technology poses a security risk. Tile has vulnerabilities that could allow not only the company itself, but also attackers or even stalkers to track people's locations or falsely accuse them of surveillance.
Bluetooth trackers like Tile or Apple's AirTags are now widely used. They essentially work on the same principle: They send signals that are picked up by nearby smartphones to determine the location of a tag. But the differences lie in the details – and that's precisely where massive problems arise. While AirTags encrypt data and thus better protect privacy, Tile tags rely on an insecure architecture. The consequences can be serious.
Differences between AirTags and Tile
AirTags and Tile change their identification codes every 15 minutes to prevent the signals from becoming permanently linked to a device. Apple only transmits the changing codes and encrypts all data. Tile, on the other hand, also sends a static MAC address that never changes and transmits both unencrypted. This fundamentally differs from Apple's solution and opens the door to misuse.
Unencrypted data transfer
Researchers Akshaya Kumar, Anna Raymaker, and Michael Specter from the Georgia Institute of Technology were able to show that Tile transmits the MAC address unencrypted along with the rotating code. This combination allows a Tile tag to be permanently identified. In addition, location data, MAC addresses, and IDs are sent unencrypted to Tile's servers. According to the researchers, this information could be stored there in plain text. This means that Tile could theoretically track the location of tags and their owners at any time, although the company claims not to do so.
Attacks with simple means
The problem is exacerbated by the fact that this data can also be intercepted from the outside. With a radio frequency scanner, the unencrypted signals can easily be read. Even more serious is the fact that the rotation IDs are not truly secure either. The way Tile generates these codes makes it possible to derive future IDs from already known ones—even from just a single recorded code. This means that a quick scan is enough to identify a Tile tag for the rest of its lifetime.
Risks to monitoring
The vulnerabilities mean that Tile tags are not only useful in everyday life, but can also be misused for systematic surveillance. Anyone who has been scanned once can essentially remain under surveillance forever. This vulnerability is particularly explosive because it can affect users for years.
Weaknesses in anti-stalking protection
Tile does have an anti-stalking feature that's supposed to indicate when someone else is carrying a tracker. However, there's a crucial limitation: If the anti-theft feature is activated, the tag disappears from these scans. This makes it possible for a stalker to hide a Tile tag in anti-theft mode and remain undetected. The actual protection mechanism is thus undermined.
Danger of false accusation
Another attack scenario demonstrates the danger of the unencrypted data structure. Using an antenna, the signals of a foreign Tile device can be intercepted. The MAC address and ID can then be rebroadcast to another location. If someone performs an anti-stalking scan there, this data appears and is sent to Tile's servers along with the location. This could make it appear as if the original Tile owner had been to that location. This makes it possible to portray a completely innocent person as a stalker. Since Tile cannot distinguish between genuine and manipulated signals, this attack remains undetectable.
Company response
The security researchers reported their findings to Life360, Tile's parent company, in November of last year. Initially, there was communication, but the company stopped communicating in February. While Life360 told Wired that it had made security improvements, it remains unclear whether the vulnerabilities described have actually been fixed.
Tile in Apple's shadow: Security remains open
The research results suggest that Tile has far greater security vulnerabilities than previously known. Unencrypted data, predictable identification codes, tamper-evident anti-stalking protection, and the potential for falsely charging users demonstrate that the technology poses significant risks. While Apple relies on a high level of security with AirTags, Tile has been criticized for neglecting basic protection measures. As long as it remains unclear whether the reported issues have actually been resolved, Tile remains an unsafe tool – practical in everyday life, but dangerous to privacy. (Image: Life360 / Tile)
- iOS 26.0.1: Apple's next update solves annoying iPhone bugs
- Apple and Foxconn: Report reveals harsh working reality
- Apple warns of DMA: When regulation becomes a risk
- Apple in Europe: What are the real consequences of the DMA?
- Fraudulent apps: Study shows enormous increase due to AI
- iPhone 17 Pro with scratches? Apple clarifies cause in stores
