Wi-Fi Routers Can Identify People with Stunning Precision (Even When Their Phones Are Off)
A by-product of modern Wi-Fi could soon be used to identify you.
by Mihai Andrei · ZME ScienceResearchers in Germany have warned that ordinary Wi-Fi could become a surprisingly powerful surveillance tool.
A team at Karlsruhe Institute of Technology showed that Wi-Fi signals can reveal whether people are present, where they are, what they are doing, and, in some cases, identify the person. In their main experiment, the system identified people with 99.5% accuracy.
The unsettling part is that this does not necessarily depend on your phone. You do not have to be connected to the network. You do not even have to carry a Wi-Fi device.
It Doesn’t Even Matter If You Use the Wi-Fi
Every time we move through a wireless field, our bodies slightly reshape the radio waves around us. This has been known for years. Radio waves bend and scatter as they pass through walls, furniture, and bodies, and previous studies have suggested that this can be used to identify people.
The new study focuses on beamforming, a feature that started with Wi-Fi 5, a protocol introduced in 2013. Instead of spraying radio waves equally in every direction, a router can shape transmissions toward a specific device. This helps create a stronger and more efficient connection.
To make beamforming work, devices report information about the radio channel between themselves and the access point. In simple terms, they send back little summaries of how the signal is traveling through the room.
That feedback, which makes Wi-Fi more efficient, is also exposed. It’s unencrypted signal, which means an attacker doesn’t even need to join the network or control your router. All they need is a device within range that can listen to the signal.
Peek-A-Boo
The researchers focused on beamforming feedback information, or BFI. Their approach, called BFId, is different from older Wi-Fi sensing methods that rely on channel state information, or CSI. CSI can be powerful, but it is harder to access on ordinary devices. Beamforming feedback is more widely available in modern Wi-Fi hardware.
×
Get smarter every day...
Stay ahead with ZME Science and subscribe.
Daily Newsletter
The science you need to know, every weekday.
Weekly Newsletter
A week in science, all in one place. Sends every Sunday.
No spam, ever. Unsubscribe anytime. Review our Privacy Policy.
Thank you! One more thing...
Please check your inbox and confirm your subscription.
The researchers also used a relatively simple machine-learning pipeline, partly to test how easy this type of attack might be for someone without deep specialist knowledge.
The results were unsettling.
The researchers recorded 197 participants walking through a Wi-Fi field. The volunteers used five walking styles: normal, with a backpack, carrying a crate, through a turnstile and at a faster pace. The setup recorded four perspectives, including one in which the participant wasn’t walking directly through the signal path.
The experiment asked not only whether BFId could identify people, but whether it would keep working when conditions changed. A system that works only when someone walks the same way from the same angle would be far less troubling.
But BFId proved robust.
A Radio Image
A model trained on normal walking could still identify people across other walking styles. CSI performed much worse when people walked fast or passed through a turnstile. BFId remained reliable across the four perspectives, with only a modest drop in the non-line-of-sight case. In fact, the system achieved 99.5% accuracy on normal walking.
The researchers focus on beamforming feedback information, which is sent over the air unencrypted. In ordinary terms: devices can shout little summaries of the radio environment back to the router, and a nearby observer may be able to record them. The attacker does not need the Wi-Fi password. The attacker does not need to join the network. They can be passive, just listening.
“This technology turns every router into a potential means for surveillance,” warns Julian Todt from KASTEL. “If you regularly pass by a café that operates a Wi-Fi network, you could be identified there without noticing it and be recognized later — for example by public authorities or companies.”
All in all, this type of attack is relatively easy, even for someone without specialist training. To make it even worse, turning your smartphone off isn’t enough to stop it.
“By observing the propagation of radio waves, we can create an image of the surroundings and of persons who are present,” says Professor Thorsten Strufe from KASTEL — KIT’s Institute of Information Security and Dependability. “This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition,” explains the cybersecurity expert. “Thus, it does not matter whether you carry a Wi-Fi device on you or not.”
RelatedPosts
Unsupervised AI Inspired by Galaxy Mergers Learns Like Humans
This Chip Trains AI Using Only Light — And It’s a Game Changer
A new machine learning algorithm has learned how to look at a picture and recreate them as 3D objects
DeepSeek May Have Found a Way To Make AI Smarter Without Just Making It Bigger
Defending Against This Isn’t Easy
Usually, when we talk about cybersecurity risk, the “hygiene” measures are simple. Use complex passwords, use two factor authentication, things like that. But here, it’s different.
Wi-Fi is everywhere, from our homes and offices to schools, streets, and stores. Many devices are poorly secured. Your smartphone might be secure, but what about that camera or smart bulb you installed? Oftentimes, these are cheap internet-of-things gadgets that never receive meaningful updates. In that kind of world, a passive attack that uses ordinary wireless behavior becomes very straightforward.
The fact that a simple model, one that didn’t use specialized processing, also managed to achieve high accuracy, is also disconcerting.
To be clear, BFId doesn’t magically reveal a person’s name from thin air. The attack is about recognition: linking one Wi-Fi recording of a person to another recording of the same person later. That makes it more difficult for attackers, but not impossible.
It’s not even clear how you’d defend yourself from such an attack. Researchers note that encrypting beamforming feedback might help, but the paper notes that this would require changes to the Wi-Fi standard and this is a long-term solution rather than something that can be implemented soon.