Researchers have found that Tile locators have serious security gaps that can allow users to track.
Since the premiere of the Airtags – although they were not particularly revolutionary devices – the market was flooded with locators of various companies that quickly gained popularity. It is not surprising – the pocket locator has not once saved me from losing the keys, but by locating objects, you must also keep in mind that their owner can be located and not only by the manufacturer, but also by stalkers. Tile locator users can now deal with such problems – all because of a serious gap in security.
Why tile can expose users to tracking
At first glance, Tile and Airtag technology works similarly. In both cases, we are dealing with a small device that sends a Bluetooth signal received by nearby smartphones. Every tag every several minutes changes its identifier, which theoretically prevents long -term tracking. However, the differences come to light when we look at the details of the implementation. In Airtags, all transmissions are encrypted, and the device only spreads the rotating ID code. This means that even when someone intercepts the signal, it is not possible to connect it permanently with a specific device. As you probably guessed, you don’t use such security tiles.
According to researchers from the Georgia Institute of Technology, the company’s locators send not only variable code, but also a static Mac – a unique number assigned to the device. Even worse, neither the MAC address nor the identifier are encrypted. This opens the door to both the manufacturer and third parties to track devices and their owners – in the case of such devices as locators such a gap is almost unacceptable.
Interestingly, the problems do not end there. It was discovered that way Generating subsequent identifiers in Tile is defective – from one intercepted code you can predict all the next ones. In practice, this means that only one signal saved is enough to track down. Transmitted Data – including location, Mac and ID address – go in the form of unacceptable tile servers. Researchers suspect that they are stored there. This means that the company has a technical ability to monitor the movements of each owner of its tags – although it should not in theory.
Stalkers rub their hands and the tile is silent
What does all this mean for users? Well, that everyone with a radio scanner can capture the details of the Tile locator – basically without any restrictions. They are not protected by a built-in stalking protection function, because it is simply a leaky-if the tag owner turns on Anti-Theft, the device becomes invisible not only for a potential criminal, but also for a person who tries to check whether he is accidentally followed.
Researchers indicate that the most alarming is the prospect of fabricating evidence on stalking. It is enough for a third party to capture a signal from someone else’s tile and then recreate him elsewhere. In this case, the system will note that the tag was near a particular person – although it was not in fact.
Editorial Wired He reports that researchers reported this information to Tile in November last year and although initially the company was open to contact, it has simply not responded to correspondence for a long time. The current position is that Tile introduced some improvements, but it has not been specified what issues exactly.
