Here’s an unsettling development in this episode of “everyday tech can do things you probably never imagined”: in the future, anyone who regularly walks past a café or restaurant with public Wi-Fi could be identified—even without a smartphone in their pocket.
Researchers at Karlsruhe Institute of Technology (KIT) have discovered that commercially available Wi-Fi routers can recognize and identify individual people based on signal changes. All that’s required is for other devices in the vicinity to be connected to the router.
Professor Thorsten Strufe from KASTEL—the Institute of Information Security and Dependability at KIT—explains that the propagation of Wi-Fi radio waves can be used to create an image of the router’s physical environment and the people in it. This works in a similar way to cameras, except radio waves are used instead of light waves.
According to the cybersecurity expert, it doesn’t matter whether someone has their own Wi-Fi device on them or not. Switching off their devices also offers no protection, since the imaging is performed by other active Wi-Fi devices in the vicinity.
How Wi-Fi signal imaging works
Wi-Fi devices communicate with each other by exchanging so-called Beamforming Feedback Information (BFI). These feedback signals show how radio waves propagate throughout a room and are sent unencrypted from connected devices to the Wi-Fi router.
If a person moves through this “Wi-Fi field”, their body causes measurable changes to the Wi-Fi signals. Artificial intelligence can then analyze the data and signal changes well enough to associate it with an individual—with a nearly 100 percent accuracy rate.
In a study involving 197 test subjects, the researchers were able to reliably identify people regardless of their walking style or perspective. Even objects like bags and boxes had little influence on the results.
Pervasive Wi-Fi networks could be employed as a surveillance trap
The KIT researchers see this Wi-Fi signal imaging technique as a serious risk to personal privacy and data protection. Julian Todt, a PhD researcher at KASTEL, warns that “this technology turns every router into a potential means for surveillance.”
Governments, companies, organizations, and even cyber criminals could identify people unnoticed, particularly in public places but also in the privacy of their own homes. The researchers emphasize that this is especially dangerous in authoritarian states where security authorities could use the technology to identify protesters and dissenters.
Stricter Wi-Fi standards are needed
Due to these findings, the research team is calling for data protection mechanisms to be integrated into the IEEE 802.11bf Wi-Fi standard that’s slated for the future. This is the only way to prevent feedback signals like the BFI from being read without encryption.
“Wi-Fi networks are almost everywhere these days—in homes, offices, restaurants, and public spaces,” says Strufe. “If this technology is used without protective measures, ubiquitous wireless networks could become a nearly universal surveillance infrastructure.”
The research was funded as part of the Helmholtz “Engineering Secure Systems” topic area. The results will be presented at the ACM Conference on Computer and Communications Security (CCS) in Taipei.
Further reading: Secure your home Wi-Fi router with these tweaks