Walk past a café with an active WiFi network and you can be identified. No smartphone required. No wearables. Nothing in your pockets. That's the finding from researchers at Germany's Karlsruhe Institute of Technology (KIT), who demonstrated a system that uses standard wireless signals and machine learning to recognize individuals with striking accuracy.
In a study involving 197 participants, the team achieved identification rates approaching 100 percent. The system worked regardless of the viewing angle or how participants walked. Once the underlying machine learning model was trained, identifying a person took only a few seconds.
How It Works
The method exploits something called beamforming feedback information, or BFI. Devices connected to a WiFi network regularly send these signals to the router as part of normal operations. The feedback helps routers optimize connections. Crucially, this data is transmitted without encryption, meaning anyone within range can intercept it.
Unlike previous WiFi-based sensing techniques that required specialized LIDAR sensors or proprietary hardware, this approach needs nothing more than a standard router. The BFI signals effectively create radio-based images from multiple angles, allowing the trained AI to identify individuals without cameras or other traditional monitoring equipment.
"By observing the propagation of radio waves, we can create an image of the surroundings and of persons who are present," said Professor Thorsten Strufe from KASTEL, KIT's Institute of Information Security and Dependability. The process, he explained, works similarly to a camera. The key difference: radio waves instead of light.
The Alarming Detail
Turning off your own device offers no protection. Other WiFi devices in your surroundings simply need to be active. If a router exists and someone else's phone or laptop is connected, the system can still track you. This makes the technology fundamentally different from device-based identification methods that at least require a target to carry something identifiable.
"This technology turns every router into a potential means for surveillance," warned Julian Todt, a member of the research team. He noted that someone who regularly walks past a location with an active network could be identified there without noticing and recognized later by public authorities or companies.
Felix Morsbach, another researcher on the project, acknowledged that intelligence agencies and cybercriminals currently have simpler methods available. Accessing CCTV cameras or video doorbells, for example. But he stressed that the ubiquity of wireless networks makes them a different kind of threat. WiFi exists in nearly every home, office, restaurant, and public space. The infrastructure for surveillance already blankets most environments, invisible and unsuspected.
Implications for Authoritarian Regimes
The researchers expressed particular concern about deployment in authoritarian states, where the technology could enable monitoring of protesters without any visible surveillance apparatus. A government need not install cameras or require citizens to carry phones. The existing WiFi ecosystem becomes the tracking system itself.
The team presented their findings at the ACM Conference on Computer and Communications Security in Taipei last October. Their paper, titled "BFId: Identity Inference Attacks Utilizing Beamforming Feedback Information," introduced this as the first identity inference attack using BFI-based sensing and made the 197-person dataset available to other researchers for non-commercial purposes.
A Call for Standards-Level Protection
The researchers are urging the IEEE to embed privacy safeguards into the forthcoming 802.11bf WiFi standard. That standard, which formalizes WiFi sensing capabilities, represents one of the last opportunities to build protection directly into the protocol before the technology becomes widespread.
"The technology is powerful, but at the same time entails risks to our fundamental rights, especially to privacy," Strufe said. The project received funding through the Helmholtz "Engineering Secure Systems" initiative.
The window for implementing those safeguards at the standards level remains open, but probably not for long. Retroactive protection across billions of existing devices becomes exponentially harder with each passing month.
