Security researchers in Germany have shown that ordinary Wi-Fi routers can be used to identify people moving through a room with 99.5% accuracy, even when those people are not carrying a wireless device. The method relies on beamforming feedback data that Wi-Fi equipment already broadcasts during normal operation, which raises fresh privacy concerns around a feature designed to improve wireless performance.
What the researchers found
The work comes from the Karlsruhe Institute of Technology, where researchers developed a system called BFId. It uses unencrypted beamforming feedback information, or BFI, to distinguish one person from another by the way their presence affects wireless signals.
Unlike older Wi-Fi sensing approaches that depended on channel state information, BFId does not require modified firmware or specialized hardware. The team says it can work with existing routers and any Wi-Fi adapter that can listen in monitor mode.
Why this is different from earlier Wi-Fi sensing
Wi-Fi-based identification is not new, but earlier systems were much harder to deploy. Channel state information extraction, for example, has largely been limited to a small number of network cards and often needs firmware changes.
BFI comes from Wi-Fi 5 beamforming. In normal use, access points steer signals toward connected devices, and those devices send compressed feedback about the wireless channel back to the router. That feedback is broadcast unencrypted at the MAC layer, which means nearby devices can capture it passively.
- No special hardware is required
- No access to the target network is needed
- The person being tracked does not need to carry a Wi-Fi device
- A single listening device can capture data from multiple clients at once
Why the accuracy matters
The researchers tested the system on 197 participants, which they describe as the largest dataset yet used in Wi-Fi-based identification work. On a 170-person subset, BFId reached 99.5% accuracy, compared with 82.4% for CSI-based identification.
The paper attributes the result partly to BFI’s higher spatial resolution and partly to the way compression filters noise. Each BFI data point contains 740 features, compared with 212 for CSI, giving the system more information to work with.
What this means for privacy
The practical concern is straightforward: a feature meant to improve wireless performance can also be used for passive surveillance. The researchers tested possible mitigations, including lowering the frequency of beamforming reports, but those changes had little effect on accuracy even at heavily reduced sample rates.
Encrypting BFI would likely require changes to the Wi-Fi standard and could disrupt compatibility with older devices. That makes this a difficult problem to solve with simple router settings alone.
What happens next
The team plans to present the findings at the ACM Conference on Computer and Communications Security in Taipei. The researchers also point to the IEEE 802.11bf amendment, standardized in 2025 for Wi-Fi sensing tasks such as presence detection and environmental monitoring.
Their warning is that the standard does not yet appear to include strong enough privacy protections. If Wi-Fi sensing becomes more common, the main question will be whether those safeguards arrive before the technology is widely deployed.
Source
Source: Tom’s Hardware