Turning off your phone won't help. Wi-Fi can actually become a surveillance tool for "identifying people through walls" and know your every move.

Modern people's concerns about "being monitored" usually focus on the data collection of mobile phone cameras, positioning, microphones, or social platforms. However, a German study suggests that people may have overlooked a more hidden risk around them: Ordinary Wi-Fi can also become a tool for identifying and tracking people. Even if you are not connected to the network, your phone is turned off or in flight mode, or you are not carrying any electronic devices, as long as you are in a space covered by a wireless network, you may leave traces that can be read.

Wi-Fi is everywhere. From homes, offices to shopping malls and cafes, it has long become the infrastructure of our lives. | pxhere

Wi-Fi is essentially a kind of radio wave. When it propagates in space, it will be reflected, scattered, and attenuated just like light encountering obstacles. Walls and furniture will affect the signal, and the human body, due to being rich in polar molecules (such as water molecules), will also have extremely weak absorption and reflection of radio waves in specific frequency bands.

In other words, when a person passes through a Wi-Fi coverage area, it's like walking on a calm water surface, leaving unique ripples. By observing the propagation changes of these radio waves and through machine learning, an image of the surrounding environment and the people present can be constructed.

The impact of Wi-Fi signals on the human body is minimal, and daily use is completely within the safe range. | Wikimedia

The source of this risk is not the router itself, but the beamforming technology that began to be popularized since the Wi-Fi 5 era. Early routers would emit radio waves evenly in all directions like a light bulb. Beamforming optimizes this mode. It will concentrate the signal energy and directly aim at a specific receiving device like a flashlight, thereby enhancing the connection stability and reducing network energy consumption. To achieve this, the two communication parties must constantly "communicate" - terminal devices such as mobile phones and computers will continuously send back beamforming feedback information, that is, BFI data, to the router, reporting the quality and path status of the signal propagation in the room to the router.

However, these feedback information are usually not encrypted. This means that eavesdroppers don't need to know the Wi-Fi password or hack into the router. They just need to place an ordinary wireless receiving device within the signal coverage area to quietly intercept these extremely rich physical environment data and then infer the activities of people in the space.

A person's height, body shape, walking rhythm, arm-swinging amplitude, and even whether they are carrying a bag, walking fast or slowly, will change the reflection of radio waves. | AI

To verify the actual threat of this security vulnerability, a team from the KASTEL Institute for Information Security and Reliability at the Karlsruhe Institute of Technology (KIT) in Germany recruited 197 volunteers to participate in an experiment. The participants were required to pass through the WiFi signal area in five different ways: walking normally, walking with a backpack, carrying a box, passing through a revolving door, and walking quickly. In addition, the experiment also set up four different monitoring perspectives, including complex scenarios where the participants did not directly walk on the direct signal path.

The results showed that the system with beamforming technology achieved an identity recognition accuracy of 99.5% in the normal walking scenario; even if the participants changed their walking style or the observation angle changed, it still maintained a high recognition accuracy.

From tenor

The emergence of this "identifying people through walls" technology makes traditional network security protection measures seem inadequate. Previously, experts would advise you to set a complex WiFi password, enable two-factor authentication, and avoid using public WiFi to prevent hackers. But in the face of passive eavesdropping, these conventional network hygiene habits are useless.

Julian Todt of the research team pointed out that this technology may turn every normally operating router into a monitoring point. For example, if you pass by a cafe that provides public Wi-Fi every day, even if you have never connected to it, your unique body shape and gait characteristics will be recorded. In the future, when you appear in other areas full of low-security Internet of Things devices, the system can recognize you again through comparison, thus achieving continuous implicit tracking.

Image source: wikimedia

It should be clear that this technology cannot directly obtain personal information such as the real name, mobile phone number, and social identity of the target object, and cannot directly lock the specific identity. The core essence of this technology is feature matching: it will extract and store the unique radio wave interference features of an individual and complete the comparison and matching in subsequent monitoring.

Since there are tracking risks, do ordinary users have any countermeasures at present?

Image source: the Internet

Unfortunately, there is a lack of effective personal protection measures in the short term. To fundamentally solve this problem, the internationally used Wi-Fi standard needs to be revised, encrypting the beamforming feedback information. This is a long process that requires the cooperation of the entire industry.

However, technology always has two sides. Wi-Fi sensing technology not only has negative risks but also has extremely valuable positive application scenarios. For example, it can be used for security early warning in unmanned areas; in medical care, it can accurately monitor accidental falls or breathing frequency without the elderly wearing any devices; in hotels or offices, it can automatically turn off air conditioners or idle devices by detecting whether there are people in the room.

This study also reminds us that in today's world where wireless technology is everywhere, the boundaries of daily technology are constantly expanding. A conventional mechanism originally designed to improve network efficiency may also bring new risks of privacy leakage invisibly. In the future, how can we find a balance between technological convenience and privacy security?

References

[1]https://en.wikipedia.org/wiki/Beamforming

[2]https://www.zmescience.com/science/news-science/wifi-surveillance-identify-people/

[3]https://www.news.cn/tech/20251017/9611ade8f40b46a395a89e35c72397e1/c.html

[4]https://www.ansys.com/en-us/simulation-topics/what-is-beamforming

This article is from the WeChat official account "Bring Science Home" (ID: steamforkids). The author is A Xian, and the reviewer is Ziv. It is published by 36Kr with authorization.