Tile Tracker Trouble: Hacker Swipes Customer Data in IoT Security Breach

Tile Tracking Device: Features, Functions, & Security Concerns

Dr. Frank Kardasz, June 28, 2024 

Editor: Ava Gozo.  

What is Tile?

Tile is a Bluetooth tracking device designed to help users locate misplaced items such as keys, wallets, bags, and other personal belongings. Manufactured by Tile Inc., now owned by Life360, Tile has been in the market since 2012.

How Does Tile Work?

Tile devices use Bluetooth technology to connect with a smartphone app. The functionality includes:

1. Bluetooth Range: Tile trackers have a range of 100-400 feet (30-120 meters) depending on the model.
2. Sound Alert: Users can trigger a sound from the Tile device through the app to locate items within Bluetooth range.
3. Last Known Location: If an item is out of range, the app shows its last known location on a map.
4. Reverse Finding: Users can double-press the Tile to make their phone ring, even if it's on silent mode.
5. Community Finding: Tile utilizes a network of users to help locate lost items beyond Bluetooth range. When any Tile user passes near a lost device, it can anonymously update its location.

Tile Models and Features

Tile offers several models with varying features:

1. Tile Pro: The most powerful model with a range up to 400 feet and the loudest ring.
2. Tile Mate: A mid-range option with up to 250 feet range.
3. Tile Slim: Designed for wallets and flat surfaces.
4. Tile Sticker: The smallest option for attaching to various items.

Key features across models include water resistance (IP67 rated), battery life up to 3 years (some with replaceable batteries), and QR code functionality for easier returns if found.

Associated Apps and Compatibility

The primary app associated with Tile is the Tile app, available for both iOS and Android devices. Tile is also compatible with smart home assistants like Amazon Alexa, Google Assistant, and Siri.

Recent Hacking Incident

In June 2024, Tile faced a significant security breach:

1. Incident Overview: A hacker obtained personal information of some Tile customers, including names, email addresses, and in some cases, home addresses.
2. Method of Breach: The hacker accessed data through a third-party vendor used by Tile for marketing purposes.
3. Severity: The breach was more severe than initially reported. The hacker claimed to have access to internal Tile tools that could potentially be used to track devices in real-time.
4. Company Response: Tile notified affected customers, advised them to change passwords, and is working with law enforcement to investigate the breach.

According to 404 Media, the hacker gained access to internal Tile tools that could potentially be used to track devices in real-time. The hacker demonstrated their access by sending screenshots of internal Tile interfaces to 404 Media, showing capabilities such as looking up customer information, transferring ownership of Tile devices, and even sending push notifications to users' phones. The hacker claimed they "had access to everything" and could theoretically track any Tile device. However, they stated they did not actually track anyone's location. This revelation raises significant privacy and security concerns for Tile users, as it demonstrates the potential for misuse of the company's internal systems.

Life360, Tile's parent company, downplayed the extent of the breach in their initial statements. They claimed that location data was not compromised, but the hacker's access to internal tools suggests that real-time tracking capabilities were potentially within reach.

Consumer Protection Steps

In light of the recent security incident, consumers are advised to:

1. Change passwords for Tile accounts and any other accounts using the same credentials.
2. Enable two-factor authentication where available.
3. Be cautious of phishing attempts using the stolen information.
4. Monitor credit reports and financial accounts for suspicious activity.
5. Consider using Tile's "Scan and Secure" feature to detect unwanted trackers.

Investigator Steps

To address the Tile hacking situation, investigators should:

1. Analyze the extent of the data breach and identify and notify all affected customers.
2. Investigate the third-party vendor's security practices and how the breach occurred.
3. Determine if the hacker exploited any vulnerabilities in Tile's systems.
4. Collaborate with other law enforcement agencies to track down the hacker.
5. Review and strengthen Tile's data protection measures and third-party vendor management.
6. Conduct a security audit of Tile's entire ecosystem.

This incident highlights the importance of robust security measures for IoT devices and the need for companies to carefully vet third-party vendors. As the IoT tracking device market continues to grow, balancing convenience with security remains a critical challenge.

References

Cox, J. (2024, June 12). Hacker accesses internal Tile tool that provides location data to cops. 404 Media. https://www.404media.co/email/74dedd5b-6e4c-45ae-9eb4-d6c1cc886cb0/

Fingas, J. (2024, June 28). A hacker obtained Tile customers' personal information. Engadget. https://www.engadget.com/a-hacker-obtained-tile-customers-personal-information-171632302.html

Other Links:

[1] https://www.tile.com/en-us/blog/everything-you-need-to-know-about-tile-tags
[2] https://www.tile.com/en-us
[3] https://www.macrumors.com/2024/06/12/tile-hacked-customer-data-obtained/
[4] https://www.pcmag.com/news/hackers-hit-company-behind-tile-tracker-steal-customer-data
[5] https://www.newsnationnow.com/business/tech/tile-user-data-hack/
[6] https://www.cnn.com/cnn-underscored/reviews/tile-mate
[7] https://support.thetileapp.com/hc/en-us/articles/4563823537431-Tile-Scan-and-Secure-Overview
[8] https://www.spiceworks.com/it-security/data-security/news/tile-hit-massive-data-breach-customer-data-compromised/
[9] https://opalbiz.com/2024/06/life360-confirms-a-hacker-stole-tile-tracker-ids-and-customer-information/
[10] https://hackread.com/location-tracker-tile-data-breach-hackers/
[11] https://www.whatsthebest.co.uk/tech/electronics/tile-review/
[12] https://foundation.mozilla.org/en/privacynotincluded/tile-mate/
[13] https://dataconomy.com/2024/06/13/tile-data-breach-life360-2024/
[14] https://www.cbs42.com/news/national/tile-user-data-potentially-hacked-in-extortion-attempt-life360/
[15] https://www.androidauthority.com/tile-hacker-3451106/
[16] https://www.cnbc.com/2023/02/16/bluetooth-tracker-tile-has-new-approach-for-stopping-thieves-stalkers.html
[17] https://support.thetileapp.com/hc/en-us/articles/201259973-Tile-Security-Privacy-Policy
[18] https://www.theverge.com/2024/6/12/24176889/tile-life360-customer-data-breach-hacker-extortion
[19] https://www.askwoody.com/forums/topic/tile-customer-data-and-tracker-ids-hacked-life360-confirms/
[20] https://tech.co/news/data-breaches-updated-list

=-=-=-=

Link to this page: https://kardasz.blogspot.com/2024/06/tile-tracker-trouble-hacker-swipes.html