Scientists in Germany have demonstrated a startling new form of surveillance: identifying people using nothing more than ordinary WiFi signals. By analyzing how radio waves bounce around a room, researchers can effectively “see” and recognize individuals — even if they are not carrying a device and even if their phone is turned off.
Very interesting concept. I was curious about how in the hell this could be done. This article explains the general method.
When an inert object like a person moves around between the router and stationary connected devices like computers and printers, it interferes with the signal. The pattern of interference plus math can be used to plot the movement of the object - and even measure subtle changes like hand gestures. Home security software from companies like Xfinity can already use this tech to send you an alert when something is moving around in your house, without needing additional hardware. Imagine an infomercial where a guy holds up a handful of “clumsy motion sensors” with wires sticking out of them, and “confusing instructions”. Not if you just let your router do it!
As far as being a new and sinister means of surveillance, evil companies could already theoretically tap into anybody’s motion sensors or security cams. The difference with WiFi tracking is that you wouldn’t necessarily know it’s there.
That’s using CSI though. The article said the researchers specifically did not utilize CSI.
But regarding CSI: I evaluated that as a small part of my Master’s thesis and it worked pretty OK for motion detection but not for classifying other activities, at least not on a SISO link. For more complex stuff you would need both a MIMO access point (router) and device (e.g. phone). Also, you need to constantly transmit messages to get up-to-date CSI, which is not great for power consumption as well as cluttering the communication channel. There are some other constraints, especially regarding noise. E.g. I managed to completely destroy the CSI spectrogram by turning on a microwave oven. There is 802.11bf in development, which is supposed to standardize this, because currently using CSI is pretty much a “hack”, as it is not intended for sensing. Once this is widely adopted, I would start being worried, but not right now.
This is from my thesis:
It’s not too different from what I can tell. They seem to just exploit the fact that beamforming information (BFI) is transmitted back to the access point. BFI is ultimately not so different from CSI. What they exploit is that they can just listen in and intercept the BFI without access to the AP.
Interesting. I didn’t actually read into BFI details, thank you.
That is extremely cool, thank you.
The need for a constant signal to scan movement is a good point. Makes sense that nearby wifi devices can’t just be sitting there, they have to be actively transmitting to the router or there’s no signal for the target to interfere with. I must have gotten CSI and wifi scanning confused. Tbh I’m not even sure why CSI is in the article except for history, but I found the principle fascinating. In your research did you turn the interference into anything like a heat map of a person standing in the room, or is it more of a signal fingerprint, like chromatography or spectrography?
My topic was fall detection (as in elderly people falling) specifically without using cameras or wearables. The idea was to take the CSI (basically what you see in the image) and just stuff it into some machine learning model to get a prediction as to whether someone fell in a given time frame, so I was trying to classify the signature of the falling “activity”. From my literature survey, this has been done successfully with CSI. But as with a lot of research, it typically lacked practicality. Much of my work was implementing the firmware, data recording, processing, and so on. I also had to record a ton of falls (ouch) and label them. I ended up throwing away the CSI approach though, because of the noise reasons I mentioned. That was simply a deal breaker. I went with FMCW radar instead (and it worked pretty good).
Fascinating project! Definitely sounds like at best it might detect that somebody probably fell down, but not that Old Man Jenkins is having a bowl of Lucky Charms instead of Raisin Bran and his blood pressure is a little high - which seems to be the conclusion people are jumping to here.
It definitely depends on the circumstances. With 60 GHz radar e.g. you get quite a good distance resolution and can detect e.g. breathing rate really well (from the torso movement during breathing) and things like how many people are in a room, etc. But it’s always very dependent on the environment, your settings, subjects, noise, whatever. That’s why I said it’s typically not practical. By using dedicated devices perhaps, and most of these kinds of news are about people who use dedicated devices, but that’s like putting a camera in your home. When you have to abuse an existing communication channel, probably not so realistic.
Wouldn’t a microwave causing significant interference also be a sign of a very faulty, potentially unsafe microwave? If it’s bathing your environment with microwaves, you’re cooking to some degree. I know a 2.4 GHz router is using microwaves too, but restricted to much lower power. I’d be very suspicious of an oven that’s leaking enough to interfere with my signals since you don’t know how strong the leaking microwaves are and they may in fact be harmful. I imagine someone standing in front of their microwave watching it operate, cooking their eyeballs as they wait.
To be fair, maybe. To pass FCC/CE regulation regarding EMC, it has to adhere to strict limits at 2.4 GHz (but I could also imagine for microwave ovens specifically that the allowed emissions are higher than for other devices, because 2.4 GHz is just the band it operates in. But idk, I didn’t read the standard for those). But it does not mean that it may not radiate anything in that band.
Anyways, my observation was that it did interfere and the microwave was definitely closed. But also it was not 10m distance to the microwave, more like 2m, so relatively close. WiFi receivers are quite sensitive to be able to work with low received powers. So just a little emission is sufficient to interfere. You are probably not disturbing the communication itself, because OFDM is quite robust, but it certainly destroyed my use case (which operated on the whole CSI).
And there is definitely some stuff leaking, e.g. through radiated emissions on the wiring (the power line). But it is certainly not cooking anything. That’s also what the regulation makes sure of.
Say waaaa?
inert meaning not a wifi device.