Researchers have identified significant security flaws in Tile tracking tags, which could enable both the company and tech-savvy stalkers to track users’ locations. This was reported on September 29, 2025.
Security vulnerabilities in Tile trackers
The security issues with Tile tags stem from how they transmit data. Tile tags send more data than other trackers, including a static MAC address and a rotating ID. None of this information is encrypted, making it vulnerable to interception.
Researchers believe that this data is stored in cleartext, allowing hackers to access it easily. While Tile claims it cannot track users, the flaws suggest that the company could theoretically do so.
Furthermore, anyone with a radio frequency scanner can intercept the data being transmitted. Even if Tile stops sending the MAC address, the way it generates the rotating ID allows future codes to be predicted from past ones.
“An attacker only needs to record one message from the device,” a researcher stated, adding that a single recorded message will “fingerprint it for the rest of its lifetime.” This creates a risk of systemic surveillance.
Company response to findings
Researchers from the Georgia Institute of Technology contacted Tile’s parent company, Life360, in November of the previous year to report these findings. However, communication ceased in February. The company has stated that it has made several improvements to its security, but did not provide specific details.
