The spy who came in from the Wi-Fi: Beware of radio network surveillance

If you pass by a café that operates a Wi-Fi network, you can be identified—even if you do not carry a smartphone with you. Researchers at Karlsruhe Institute of Technology (KIT) have found out that it is possible to identify people solely through Wi-Fi signals. They point out that this constitutes a significant risk to privacy.

To infer the identity of people, it is no longer necessary that they carry a smartphone or tablet on them. It takes nothing but Wi-Fi devices communicating with one another in the person’s surroundings. This creates an image comparable to a camera shot, but based on radio waves. The research team calls for adequate privacy safeguards.

“By observing the propagation of radio waves, we can create an image of the surroundings and of persons there,” says Professor Thorsten Strufe from KASTEL—KIT’s Institute of Information Security and Dependability. “This works similarly to a normal camera, the difference being that in our case, radio waves instead of light waves are transformed into an image,” explains the cybersecurity expert.

“Thus, it does not matter whether you carry a Wi-Fi device on you or not.” Even switching a device off does not help: “It’s sufficient that other Wi-Fi devices in your surroundings are active.”

Wi-Fi routers as ‘quiet observers’

“This technology turns every router into a potential means for surveillance,” warns Julian Todt from KASTEL. “If you regularly pass by a café that operates a Wi-Fi network, you could be identified there without noticing it and be recognized later—for example by public authorities or companies.”

Strufe stresses that it is true that there are easier methods for secret services or cybercriminals to observe people—for example by accessing CCTV cameras or video doorbells. “However, the omnipresent wireless networks might become a nearly comprehensive surveillance infrastructure.” Actually, Wi-Fi networks exist in almost all homes, offices, restaurants, and public spaces today.

No special hardware required

Unlike attacks with LIDAR sensors or previous Wi-Fi-based methods, which use channel state information (CSI)—i.e., measured data that indicate how a radio signal changes when it hits walls, furniture, or persons—the attackers do not need any special hardware. This method requires nothing but standard Wi-Fi devices. It works by exploiting the legitimate users whose devices are connected to the Wi-Fi network.

These regularly send feedback signals within the network, also called beamforming feedback information (BFI), to the router—in unencrypted form so that it is readable by third parties. This creates images from different angles of view that can serve to identify the respective persons. Once the underlying machine-learning model has been trained, the identification only takes a few seconds.

Almost 100% hit rate

In their study with 197 participants, the research team could infer the identity of persons with almost 100% accuracy—independently of the perspective or their walking style.

“The technology is powerful, but at the same time entails risks to our fundamental rights, especially to privacy,” emphasizes Strufe. The researchers warn that this is particularly critical in authoritarian states where the technology might be used for the observation of protesters. Therefore, they urgently call for protective measures and privacy safeguards in the forthcoming IEEE 802.11bf Wi-Fi standard.

The researchers will present their results at the ACM Conference on Computer and Communications Security (ACM CCS 2025), held Oct. 13–17 in Taipei, Taiwan.