The home router can be used to identify who is in a room, even without the identified subjects having a smartphone or other device connected to Wi-Fi with them. The feasibility of this was demonstrated by a group of IT researchers from Germany, working for KIT (Karlsruhe Institute of Technology). These have shown that radio waves emitted by common wireless devices can be intercepted to recognize the identity of a person walking in a room, and all this with an accuracy of 99.5%. The fact that it is not necessary to have a device connected to the network to be identified makes this discovery interesting but, in some ways, also disturbing. But how is all this possible? Let’s see it now.
99.5% accuracy: the discovery
To understand the significance of this discovery, we must start from the technology that makes it possible. KIT researchers focused their attention on a function integrated into modern Wi-Fi standards, called beamforming, introduced with the Wi-Fi 5 (802.11ac) standard. Unlike a light bulb that diffuses light in every direction, beamforming directs the radio signal coming from the modem/router towards the specific device that requests it: the smart TV, the computer, the smartphone, and so on. To do this, the router continuously sends data packets to calculate the best route and navigate around obstacles. Well, German researchers have discovered that this data travels through the air without any encryption and can be picked up by anyone nearby with a simple receiver.
The system developed by the team is called BFId (Beamforming Feedback Information), an acronym that combines the concept of beamforming with that of identification. Its strength lies in accessibility. In the past, human presence tracking via Wi-Fi relied on CSI (Channel State Information), which are physical measurements that describe how the radio signal degrades, bounces, or attenuates between transmitter and receiver. The CSIs are precise, but they have a huge limit: to extract them you need to install a custom firmware compatible with very few network card models, including the Intel WiFi Link 5300, an old network card produced by Intel in 2008. The result is that less than 6% of the routers in circulation support this technology.
How is this possible: the BFId system
The BFId system completely circumvents this obstacle. There is no need to hack into the network, know the password or change modem settings. The system simply listens passively to the beamforming data that reflects off people’s bodies. Each of us has a unique build, a personal gait, a characteristic way of moving in space: all characteristics that alter the path of radio waves in a distinctive way, generating a sort of biometric fingerprint of the walk.
The prof. Thorsten Strufe ofInstitute of Information Security and Dependability of the KIT, explained the functioning of this system in these terms:
By observing the propagation of radio waves, we can create a picture of the surrounding environment and the people present. It works similarly to a normal camera, with the difference that in our case radio waves are used for recognition instead of light waves. So, it doesn’t matter whether you carry a Wi-Fi device with you or not.
Regarding the possible safety risks related to this discovery, Julian Todt of KASTEL, said:
This technology turns every router into a potential means of surveillance. If you regularly pass a café that operates a WiFi network, you may be identified there without realizing it and recognized later, for example by public authorities or companies.
To test the system, the researchers involved 197 participants, the largest statistical sample ever used in studies of this type. The results, with an accuracy of 99.5% in recognizing people, will be presented in Taipei at the ACM Conference on Computer and Communications Security (CCS), one of the most authoritative stages in the sector.
