A recent study reveals a worrying new surveillance threat: even if you’re not using Wi-Fi or even turning off your phone, attackers can still identify you through the wireless networks around you. A team from the KASTEL Institute for Information Security and Reliability at the Karlsruhe Institute of Technology in Germany warns that attackers can exploit existing Wi-Fi signals in the environment and accurately infer the identities of people by passively monitoring changes in radio wave propagation, without requiring any special hardware. The research paper was published in the latest issue of the ACM Data Science journal.
The team members explain that by observing how Wi-Fi radio wave signals are reflected and disturbed by the human body, they can “see” the surrounding environment and the people within it, much like a camera image. Therefore, it doesn’t matter whether people are carrying or turning on their Wi-Fi devices. Even if the device is turned off or in airplane mode, simply being in a space with a Wi-Fi signal can make it a target for identification.
The key to this technology lies in the fact that electronic devices in modern Wi-Fi networks periodically send signals called beamforming feedback to the router. These signals are intended to optimize network connection quality, ensuring more accurate signal transmission to user devices. However, this feedback data is unencrypted during transmission, allowing anyone within range of the signal, including malicious eavesdroppers, to intercept it. By analyzing how these signals subtly change due to human movement and posture, combined with machine learning models, it is possible to construct motion signatures that can be used to identify specific individuals.
This means that every Wi-Fi router can potentially become an “observer.” For example, even if someone never connects to a Wi-Fi cafe every day, their gait and physical characteristics could be recorded and subsequently used for identification. This type of surveillance could be exploited by cybercriminals for long-term tracking.
Unlike previous surveillance technologies that relied on lidar or specialized sensors, this new approach does not require expensive or conspicuous electronics. An attacker only needs an ordinary Wi-Fi receiver to eavesdrop on legitimate communications already in the environment. Furthermore, the danger lies in its “invisibility”—not only is it difficult to detect, but it’s also not restricted by a physical line of sight.
In an experiment involving 197 participants, the team achieved near-100% identity recognition accuracy after only a few seconds of signal analysis, regardless of viewing angle or individual walking style. This high-precision recognition capability, while highlighting the technology’s immense potential, also reveals significant privacy risks.
This research serves as a wake-up call for privacy protection amidst technological advancement: Wi-Fi networks permeate every corner of our lives, and we must be vigilant against these “invisible eyes.” We must also push for the simultaneous upgrading of technical standards and policies and regulations to prevent radio waves from becoming pervasive surveillance tools. The Latest News Press suggests that Wi-Fi standards currently under development or to be developed in the future may support Wi-Fi Aware functionality. Therefore, it is imperative to embed privacy protection mechanisms from the outset, such as encryption of sensitive data or access control, so that people can enjoy the benefits of technology while also building a security barrier.
