New WiFi tech can accurately identify individuals without devices

Researchers at the Karlsruhe Institute of Technology (KIT) have demonstrated that it is possible to identify individuals using only the WiFi signals in their immediate environment. 

Unlike traditional identification methods, this approach does not require a person to carry a smartphone, tablet, or any other connected device. Instead, it relies on the way WiFi devices constantly communicate with each other nearby. 

By carefully analyzing the subtle interactions of these signals, the technology can generate a highly detailed and accurate representation of a person’s presence, posture, and movement that is comparable to a camera snapshot, but constructed entirely from radio waves.

Radio waves can map surroundings and people

According to professor Thorsten Strufe from KASTEL – KIT’s Institute of Information Security and Dependability, it is possible to create images of people and their surroundings by observing how radio waves propagate. 

The professor explains that the process works similarly to a conventional camera, but instead of capturing light waves, radio waves are transformed into a detailed image. He further emphasizes that it makes no difference whether a person carries a WiFi device or not. Even if devices are turned off, the system can generate information from other active WiFi devices in the environment, revealing presence and movement without consent.

Julian Todt from KASTEL warns that every WiFi router could potentially be used for surveillance. He explains that if someone regularly passes by a café with an active WiFi network, their presence could be recorded without their knowledge and later identified by public authorities or companies. 

Strufe adds that while intelligence agencies or cybercriminals have simpler ways to monitor people – such as accessing CCTV cameras or video doorbells – the widespread presence of wireless networks could eventually form a near-comprehensive surveillance infrastructure. Today, WiFi networks are found in nearly every home, office, restaurant, and public space, making this potential risk pervasive.

Tracking people using only standard devices

Unlike earlier attacks that relied on LIDAR sensors or WiFi-based methods using channel state information (CSI) – data that measure how radio signals are altered by walls, furniture, or people – this new approach requires no specialized hardware. 

Instead, it uses only standard WiFi devices and leverages the devices of legitimate users already connected to the network. By observing how these everyday devices communicate, attackers can infer information about people in the environment without installing or accessing any additional equipment, making the method far easier to deploy and potentially more widespread.

By regularly sending feedback signals within a WiFi network, known as beamforming feedback information (BFI), devices transmit data in an unencrypted form that can be read by third parties. These signals allow the creation of images from multiple angles, which can then be used to identify individuals. 

Once a machine-learning model is trained on this data, identifying a person takes only a few seconds. Thus, the privacy implications are significant – in a study involving 197 participants, the research team was able to determine identities with nearly 100% accuracy, regardless of the individual’s walking style or perspective.