The technology to convert wifi signals into the placement and identity of people is getting much better. Not by using their devices, just the waves bouncing of their bodies. (There’s nothing new to the pipeline as far as I can tell, we’re just starting to get into the accuracy ranges that make it easy/useful.)
No. You and your neighbors couldn’t unless they had enough access to train up on and analyze how the wifi signals were being disrupted by the people in question. At best you and your neighbors could know when it detected that humans were present and that’s about it.
Unless your neighbors have active access to your home and can collect other data about your walking and moving patterns to fine tune a model.
I’m so tired of this clickbait story. Can we not spread this nonsense.
I’m with you, we ought be sober in our judgement of new technology (unlike what we’ve seen with AI).
Yet also, I know there are some really interesting ways to surveillance a home if you have the resources. For example, you can reconstruct audio in a room using a recording of vibrations on a pane of glass. You can alternatively use a laser for longer distance from the glass, to get distorted and return the minor vibration data.
The original title was substantially less clickbait; I amped it up in the hopes of a reply like yours.
If you have a moment more to enlighten me, I think you’re claiming:
- This technique is location and person specific; the models don’t generalize if you move the router or change the people (and retrain on less data)?
- This method doesn’t determine where folks are (even when used with multiple routers) to any useful precision? (Forget who, you can guess whose in your neighbors house)
- This method is nowhere near getting plausible pose data?
My thought process is this. Your neighbor likely has neither the inclination or the technical knowledge to use disturbances in the wifi signals from their own wifi to do this. Additionally they likely don’t have access to every neighbors wifi (which if you had it would likely allow you to fine tune this significantly).
So basically, every neighbor you have or at least the majority of them are getting together to do this?
The premise is that a person can set up a wifi network in a place adjacent to [target], monitor that network, map the area they want to surveil (while it’s empty would be better) and then use disturbances in that area to track [target] within the space.
What you’d still need is time to measure the disturbances and gather a profile on the individual you were tracking in order to remove false positives (people of the same height and weight or body type etc).
It actually is at least location specific. Because you need penetration of the Wi-Fi signal into the space in order to collect the data necessary. I live in a place that was built on a steel frame with sheet rock. I can’t even get signal from my own wifi standing on my door step. I also don’t pick up the wifi of my neighbors, and can’t get cell signal in the house. So they’d have to break into my home and place monitors to pick up my own wifi in order to do this. At that point it’d be much easier to plant a bug.
Because it’s location specific and dependent on the materials of the construction of the place being penetrable enough to collect said frequencies (and because wifi is often high frequency and the higher the frequency the less penetrative power it has), it’s much more likely that this kind of surveillance method would likely be used by a 3-letter agency, and at that point they’d drop a wifi pineapple on the roof, assuming they needed to do that at all. Or track you through public wifi.
There’s lots of news stories about new and old ways of surveillance and some of those are just easier, less intrusive, less expensive, and possibly more effective.
Some plants have leaves so sensitive you can measure their movements to reconstruct conversations that happened in their vicinity.
I think a few years ago there was a story about listening in on a conversation by during a laser at a window.
You could potentially do the same thing with sonar.
I have questions about why your neighbors would do that. The usefulness of it for your everyday civilian isn’t worth the work, and even if it was it relies on the cooperation of more than one person, and the right location factors to do it.
I also have questions about what happens when there are no users interacting with the wifi.
“This technology turns every router into a potential means for surveillance,” warns Julian Todt from KASTEL. “If you regularly pass by a café that operates a WiFi network, you could be identified there without noticing it and be recognized later – for example by public authorities or companies.”
It is sufficient for Wi-Fi devices in their vicinity to communicate with each other. This creates an image - comparable to a camera image, but based on radio waves.
It exploits the legitimate users who are connected to the Wi-Fi. They regularly send feedback signals, also known as beamforming feedback information (BFI), to the router in the network - unencrypted and readable for third parties. This creates images from different angles that can be used to identify people. This only takes a few seconds once the machine learning model behind it has been trained.
This paragraph in particular suggests that you still need training data. That seems like it would require a larger window of data collection and training.
In the home there must be stationary or rarely moved devices (usually one to three) connected to this router via Wi-Fi — for example, a printer, a smart speaker and/or a smart TV. Sometimes Wi-Fi extenders and mesh Wi-Fi devices can perform the role of a “sensor”.
Motion detection will occur only in the oval zone between the router and the “sensor”, and post-setup testing is required.
https://www.kaspersky.com/blog/wifi-sensing-motion-detection-howto/53851/
https://www.informatik.kit.edu/english/11147_14950.php
https://www.sciencedaily.com/releases/2026/05/260522023127.htm
Thank you. I could be persuaded to change the title, though I don’t think I have been. (You are perhaps not trying to, but I’ll record my reasoning anyway.)
Re: nobody is motivated to do this. True, and doesn’t contradict the title or content. Anybody could drive out and start toppling power poles and poisoning the water supply, fortunately most people are mostly good.
Re: some houses are well insulated. Congrats on your nice home! Many dream of having their own space someday. I think the most interesting case is in an apartment/condo/high density complex. In this setting, you have:
- the layout of the entire building, including other rooms. (modulo furniture and dustables; the walls are public.)
- many routers all over the building, overlapping and generally at different frequencies. When I AirBnB, I often see dozens of different networks from my bedroom. Note that for this style of attack, you don’t need to connect to anything.
- thin walls between units (often cheap).
- some incentive towards snooping. Who stole your packages? Which neighbor keeps letting the dog poop at your window?
Re: training required and the field of view This I find most compelling. I am interested in how much legitimate use is required; can we simply make login attempts? Or does it take somebody logged in? It’s hard for me to tell how customized the model must be (this is a setting where data is reasonably easy to generate in a lot of settings; perhaps enough so that, given a model slightly larger, we get something general?).
Without having dug too deeply into it, shouldn’t this be easy to fool by just wearing something conductive under your clothes? And for normal gait/body shape it’s easy to fool. But I guess the intent is to ID most ppl, not all ppl.
My (also not that deep) understanding is that this took a technique that was very walk dependent, and made it robust to different walks? I suspect you’d also need to vary what and where the conductive element is, I would think. Otherwise you’re just extremely conspicuous (for being an outlier) on every readout. It’s like adding an RFID tag to yourself.
Better to pollute the signal, maybe? They’re picking up on irregularities in it already (I guess), so why not add a light scramble. Maybe it can be done below any threshold to be noticeable, and you just place a box next to your router for it to work.
This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or absorbed. By analyzing how the signal is expected to behave compared with how it is actually received, researchers can infer details about the surrounding environment.
I kind of get this idea. It’s just sensing the strength of radio waves with some kind of antenna array. Like pixels on an optical sensor. It’s not really a new idea, I sort of recall seeing video of this kind of thing from like 10 years ago.
But the paper suggests this relies on higher level protocol information.
Beamforming, as introduced in WiFi 5, requires clients to broadcast observations of their channel characteristics. This introduces a new information source for WiFi sensing with privacy threats that have not been explored, so far. With WiFi networks being ubiquitous in our everyday lives, the impact of unknown privacy threats is likely severe. To investigate this concern, we introduce BFId, the first identity inference attack using BFI-based sensing and evaluate its efficacy on a novel dataset containing WiFi recordings of 197 individuals. We show that we can infer the identity of individuals with very high accuracy, across different walking styles and perspectives, even with large sample sizes.
[…]
Identity inference based on WiFi can be done by analyzing different sources, but most prominent in recent years has been the analysis of Channel State Information (CSI), a built-in part of the physical layer of WiFi. […] To enable higher bandwidths, WiFi 5 (802.11ac) introduced beamforming. Beamforming utilizes similar information on the physical environment as CSI, but on the sender instead of the receiver side.In a typical WiFi scenario, clients send Beamforming Feedback Information (BFI) back to the access point, a compressed representation of the current signal characteristics
This makes it sound kind of like a way to fingerprint signals, but they also mention:
We show that individuals can be recognized with very high accuracy (99.5% ± 0.38) with our BFI-based attack. Furthermore, BFId is not only able to infer the identity of individuals, our experiments also demonstrate that in a direct comparison it is able to do so better than CSI-based attacks for large populations. This also holds for identifying individuals across walking styles, from multiple different perspectives, and at reduced sample rates.
But if we’re talking about walking styles, it sounds more like “regular” wifi sensing again.
For this, the standard defines a channel sounding procedure (shown in Figure 1) which is initiated by the access point (beamformer) regularly through a null data packet (NDP) announcement frame. Beamformees will reply to this announcement. The actual NDP is then sent by the access point which contains one VHT-LTF (very high throughput long training field) per spatial stream used in the transmission. Beamformees will then use the CSI of these VHT-LTFs to calculate so-called feedback matrices for each subcarrier. The feedback matrix is compressed into beamforming angles which are sent back to the beamformer.The beamformer can then calculate a steering matrix which can be used to direct the transmission towards the beamformee [6, 16].
So I guess it’s kind of like sensing from multiple observers?
The vast majority of approaches use recordings of gait sequences for identification, but there are exceptions, e.g. using lip-motions [ 42], keystrokes [ 18 ] or no moving at all, but the individual just standing [53 ] or sitting [51 ]. When usinggait, most approaches record individuals while walking orthogonally to the line-of-sight (LOS) between sender and receiver. Twoearly approaches had participants walk parallel to the LOS [26, 71 ] and some approaches have opted to have participants walk freely,but only one approach considered multiple perspectives [76].
Yeah, I guess the novel thing in this paper is using information from this protocol to essentially get a bunch more sensors. Though I’m still shocked they can put together a coherent picture to get fucking lip movements with all this.
Also, WiFi has gotten so much more complicated since 802.11b. Feels like I forgot to pay attention.
In a study, the researchers describe using beamforming feedback information (BFI) and machine learning models to identify people walking within a network’s range. The team found that this BFI-based technique was able to infer a person’s identity with 99.5% accuracy.
Yipes!
Fortunately, the solution is simple. Your tinfoil hat needs to extend into a cylinder around your entire body, , like an RF condom.
You still be identifiable as the walking cylinder. What we need is a ministry of silly walks.
Only travel the house by Roomba, this deletes the walk-signature. 🙃
H A C K E R M A N !
Wired only network with Faraday caging everywhere. I think they even make signal blocking paint!
You know, I think I just came up with my first $1,000,000 product; drywall with embedded copper mesh.
Sounds pricey.
Well he did say it was a million dollar product…
Inflatable girdles.
Yeah, I’m more concerned about the invasion from the “smart glasses” fad filming fucking everything than I am this pie in the sky prediction.
I’m concerned and pissed off about both
The more channels they have as data source, the more resilient and finer-grained their intel.
Rage, rage against the dying of the privacy
Install nearby glasses app from fdroid. Might help you notice them if needed.
In public spaces, this is already happening with CTV from nearby stores and such no?
Two wrongs don’t make a right.
I wouldn’t be surprised if nation state intelligence services aren’t already using this technology now.
What do you think cell phone towers are capable of on a much larger scale?
Didn’t batman use this in The Dark Knight?
I think that was technically sonar using everyone’s phones
IIUC they’d need gait data of the people to be identified. So if it’s someone you have a lot of video of, it’s potentially tractable.
Meta has this kind of data on a fuckton of humans; TikTok probably has it on the rest.
Jesus, we’re fucked
“identify people walking within a network’s range”
So it’s dependent on me walking? Good luck! 🤣
the wonder is that folks walked in different ways, and were still identified correctly. Not walking, you might be mistaken for furniture tho.
there’s gotta be some way to jam the frequencies or introduce some kind of interference with other waves… right?
I mean it sounds pretty rough… and it would seem to me the real problem is they are making it sound like the problem is the existing routers. Correct me if I’m wrong, but isn’t it basically saying… someone could drop in a battery powered wifi router in your front yard and spy through your walls?
To an extent. it’s better to have it inside with you and lots of other devices around to get a good picture from the BFI.
AS bad as it sounds, you’r probably sitting next to, or carrying with you a cellphone with a unique IMEI that ties you to credit cards and social security numbers, it has an exact GPS lock available to police for the asking, and even if you turn that off, a yagi or any antenna locator could id you far better than the BFI.
They could do the same thing with a speaker playing a sound. It’s basically sonar, but the waves being measured are RF and not sound. But it being outside your home wouldn’t work that well; wifi does not penetrate wood or plaster walls very well, and won’t get through brick or metal at all. They can shape it, to go around things, but unless it’s extremely high powered, it won’t go through anything solid.
Similarly for a whole bunch of attack vectors. Reconstructing keystrokes from keyboard sounds has been demonstrated. But you need a quiet background and a close microphone. At which point you probably could have just plugged in an inconspicuous keylogger and be done with it.
Signal jamming is, broadly speaking, very illegal and also very traceable by nature.
You can use aluminium foil and shape it into a nice hat
It’s a (corrupted) router level attack, so the sensible counter is OpenWRT or rolling your own router. I doubt many cheap routers have the grunt to run this anyway.
The attacker has to be broadcasting to make the attack work. Running OpenWRT and keeping it up to date probably protects you from someone using your own router against you better than stock firmware.
But another expected scenario is an attacker with a nondescript car and a wifi router inside who can sweep the neighborhood searching thru walls for Person X.
But another expected scenario is an attacker with a nondescript car and a wifi router inside who can sweep the neighborhood searching thru walls for Person X.
Hmmf, nasty, but labor intensive. Is it working on backscatter ? because your devices shouldn’t be responding much (beyond ping / authentication query level).
Also, at that point they can just use whatever fits in a van, radar, IR scanners, who knows what, fucking X-rays maybe, don’t know that they’d bother with this.
Avoiding it being deployed at scale to everybody’s router might be more important.
Oh, for most usecases I can think of, there are easier ways. For example, by attacking the cellphone the person is carrying. Or watching for their gait on network cams instead of via wifi.
No phone? Hiding inside? It’s a terrrist, prol;ly
