‘This technology turns every router into a potential means for surveillance’: researchers warn you can be tracked and identified from Wi-Fi signals

• Researchers have identified a new Wi-Fi router security threat
• People in a space can be tracked using beamforming signals
• No physical access to the router is required to tap into its radio waves

Researchers from the Karlsruhe Institute of Technology in Germany have demonstrated how everyday Wi-Fi routers can be hacked and used as surveillance tools, using only the radio waves traveling from and back to the router.

Here’s how it works: routers using Wi-Fi 5 or later get feedback signals sent back to them from connected devices, known as Beamforming Feedback Information (BFI). The router uses this feedback to manage speeds and stability, but these messages are flowing freely through the air, and can be nabbed by other devices too.

If someone physically passes through those signals, they get disrupted. The signal map isn’t quite like a 3D map of a room, but the way the signals shift can act as a sort of signature for a person, based on how they walk and move through the space.

Using some special software and a device with a Wi-Fi card (so a laptop, or a Raspberry Pi device for example), someone can monitor these BFI signals and check for disruption. As the signals are unencrypted, there’s no need for physical access to the router, or the Wi-Fi password — the monitoring device just needs to be in the same physical space.

Surveillance danger

The researchers ran tests using 197 volunteers, and were able to identify people with 99.5% accuracy — as in, they could say ‘person A walked past at this time and this time’. To actually link people with their name and other details, some other data would be required, such as a ping from a phone previously associated with the individual.

So, a listening device could be hidden in an office, and a hacker could tell who was at work that day, assuming they knew which walking gaits matched which people. Once the initial match is made, targets wouldn’t even need to be carrying a device (such as a phone).

“This technology turns every router into a potential means for surveillance,” says Julian Todt, one of the researchers. “If you regularly pass by a cafe that operates a Wi-Fi network, you could be identified there without noticing it and be recognized later — for example by public authorities or companies.”

The research team wants to see more protection for BFI data in future Wi-Fi standards — otherwise this is potentially a very real security threat, affecting most modern routers. You can read the full research paper here.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as being many years editing the likes of PC Explorer and The Hardware Handbook.