WI-Fi as a "spy": surveillance trap in wireless networks

links

Wi-Fi as a "spy": surveillance trap in wireless networks

New technology recognizes people without their own Wi-Fi device based on signals in wireless networks - researchers warn of privacy risks and call for protective measures
Smartphone in Hand mit leuchtendem WLAN-Symbol vor unscharfer Stadt bei Nacht.AdobeStock

Anyone walking past a café with Wi-Fi can be identified - without the need for a cell phone. Researchers at the Karlsruhe Institute of Technology (KIT) have discovered a way to recognize people based on Wi-Fi signals alone. In doing so, they point to a considerable risk to privacy. People do not need to be carrying a smartphone or tablet for identification. It is sufficient for Wi-Fi devices in their vicinity to communicate with each other. This creates an image - comparable to a camera image, but based on radio waves. The research team is calling for appropriate data protection mechanisms.

"We observe the propagation of the radio waves and can thus generate an image of the environment and people," says Professor Thorsten Strufe from KASTEL - Institute for Information Security and Reliability at KIT. "It works in a similar way to a normal camera, except that it converts light waves into an image instead of radio waves," explains the cyber security expert. "It is therefore irrelevant whether someone has a Wi-Fi device with them or not." Switching it off does not protect either: "It is enough if other devices are active in the vicinity."

Wi-Fi routers as "silent observers"

"The technology turns every router into a potential surveillance device," warns Julian Todt from KASTEL. "Anyone who regularly walks past a café with Wi-Fi could be identified there without being noticed and recognized later - by government agencies or companies, for example." There are simpler methods for intelligence services or cyber criminals to observe people - for example by accessing surveillance cameras or video doorbells, says Strufe. "But the ubiquitous wireless networks could become an almost nationwide surveillance infrastructure." This is because Wi-Fi is now available in almost all homes, offices, restaurants and public spaces.

No special hardware required

Unlike attacks with LIDAR sensors or previous Wi-Fi-based methods that use channel state information (CSI) - i.e. measurement data on how a wireless signal changes through walls, furniture or people - attackers do not need any special hardware. The method works with standard Wi-Fi devices. It exploits the legitimate users who are connected to the Wi-Fi. They regularly send feedback signals, also known as beamforming feedback information (BFI), to the router in the network - unencrypted and readable for third parties. This creates images from different angles that can be used to identify people. This only takes a few seconds once the machine learning model behind it has been trained.

Almost one hundred percent hit rate - technology poses risks to privacy

In a study with 197 participants, the research team was able to recognize people with almost 100% accuracy - regardless of their walking style or perspective. "The technology is powerful, but at the same time poses risks to fundamental rights, especially privacy," emphasizes Strufe. This is particularly critical in authoritarian states, where the technology could be used to monitor protesters, the researchers warn. They are therefore urgently calling for protective measures and data protection mechanisms in the planned WiFi standard IEEE 802.11bf.

Funding and publication

The project was funded within the Helmholtz thematic field "Engineering Secure Systems". The researchers will present the results at the "ACM Conference on Computer and Communications Security "(CCS) in Taipei. The paper will be available from October 13, 2025 at https://doi.org/10.1145/3719027.3765062

Original publication

Todt, Julian; Morsbach, Felix; Strufe, Thorsten: BFId: Identity Inference Attacks utilizing Beamforming Feedback Information, ACM, 2025. DOI: 10.1145/3719027.3765062.