Tile trackers leak unencrypted Bluetooth data, say boffins

"A trio of researchers led by assistant professor Michael Specter found a number of flaws in Tile trackers that they say disprove many of Tile maker Life360's security and privacy guarantees. Most shocking, say the researchers, is the fact that Tile servers continually collect tag locations, MAC addresses, and unique ID codes without end-to-end encryption, while the tags themselves broadcast unencrypted Bluetooth signals that can be sniffed to track someone else's device."
"According to their research, conducted by decompiling the Tile app on Android, studying its code and analyzing the Bluetooth and network traffic between a Tile Mate device manufactured in 2022 and a rooted Google Pixel 3XL smartphone, Tile's anti-stalking features are just as useless as relying on a tracker that constantly broadcasts a fixed MAC address in plain text over Bluetooth."
Tile servers continually collect tag locations, MAC addresses, and unique ID codes without end-to-end encryption. The tags broadcast unencrypted Bluetooth signals that can be sniffed to track devices. Tile tracker MAC addresses are static, and the periodically cycled unique IDs are only semi-randomized and reused, enabling adversaries to link private IDs over time and track devices. Anti-stalking features are ineffective when tags constantly broadcast fixed identifiers in plain text. Testing involved decompiling the Tile Android app and analyzing Bluetooth and network traffic between a 2022 Tile Mate and a rooted Google Pixel 3XL. Network integrations and partnerships have increased stalking risk despite OS mitigations.
Read at The Register