Georgia Tech researchers just exposed serious security flaws in Tile's tracking network that could enable mass surveillance of its 88 million users worldwide. The team found that Tile transmits unencrypted location data, MAC addresses, and device IDs - giving stalkers and potentially law enforcement the ability to track users despite the company's privacy claims. This puts Tile users at significantly higher risk than competitors like Apple AirTags.
The tracking device industry just got hit with a bombshell security report that exposes how Tile's popular location tags create a massive surveillance risk for their 88 million users worldwide. Georgia Tech researchers Akshaya Kumar, Anna Raymaker, and Michael Specter spent months reverse-engineering Tile's system and found fundamental design flaws that competitors like Apple, Google, and Samsung specifically avoid.
The core problem is encryption - or rather, the lack of it. While Apple's AirTags and Google's Find My Device network encrypt all broadcast data and location reports, Tile transmits everything in plaintext. Each Tile tag continuously broadcasts its MAC address and unique ID unencrypted, allowing anyone with a Bluetooth antenna or modified Tile app to intercept and track these signals.
"An attacker only needs to record one message from the device to fingerprint it for the rest of its lifetime," Kumar told WIRED. This creates what the researchers call "systemic surveillance" risk for anyone carrying a Tile device or Tile-enabled products from Dell, Bose, and Fitbit.
The surveillance capability extends far beyond individual bad actors. Law enforcement could potentially use this vulnerability to identify anyone in a specific area who carries a Tile device, while the company itself appears to maintain the technical capability to track all users despite privacy policy claims stating "you are the only one with the ability to see your Tile location."
The researchers believe location data gets stored unencrypted on Tile's servers, transforming what should be a simple lost-item finder into what they describe as "Tile's infrastructure into a global tracking network." This stands in stark contrast to competitors who use end-to-end encryption specifically to prevent companies from accessing user location data.
Apple, Google, and Samsung have "designed their system intentionally such that they aren't able to recover your location," researcher Michael Specter explained. "Because they don't want to be in the business of knowing where all people are at all times."
