Wi-Fi routers can identify people with near-perfect accuracy

Craig Nash
By
Craig Nash
Tech writer at All Things Geek. Covers artificial intelligence, semiconductors, and computing hardware.
8 Min Read
Wi-Fi routers can identify people with near-perfect accuracy

Wi-Fi routers identify people with nearly 100% accuracy using a technique that requires no specialized hardware, no access to the target network, and no cooperation from the person being identified. German researchers at KASTEL—KIT’s Institute of Information Security and Dependability have demonstrated that ordinary routers already installed in homes and offices can track individuals by analyzing how radio waves bounce around a room, creating a privacy vulnerability that affects billions of Wi-Fi users worldwide.

Key Takeaways

  • Wi-Fi routers identify people by analyzing unencrypted beamforming feedback signals sent between routers and connected devices
  • The technique works without the target carrying any wireless device or being connected to the network
  • Tests with 197 participants achieved nearly 100% accuracy regardless of viewing angle or walking style
  • Beamforming feedback information (BFI) is transmitted without encryption, making it readable by anyone within range
  • The method uses standard Wi-Fi hardware, not specialized sensors or equipment

How Wi-Fi Routers Identify People

The technique works by intercepting beamforming feedback information—radio signals that devices automatically send to routers to optimize wireless performance. These signals are transmitted without encryption and contain detailed information about how radio waves reflect off objects and people in a room. Machine learning models analyze these reflections to create multiple “views” of a person, similar to how a camera captures images but using radio waves instead of light. After the system is trained on a person’s signal patterns, it can identify them in just a few seconds when they enter the router’s range.

Professor Thorsten Strufe explained the concept by drawing a direct parallel to conventional imaging: “By observing the propagation of radio waves, we can create an image of the surroundings and of persons who are present. This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition”. The method requires no access to the target Wi-Fi network itself—an attacker only needs to be within range of the router and able to capture the unencrypted beamforming signals passing through the air.

Why This Bypasses Common Privacy Assumptions

Most people assume they can protect themselves from wireless tracking by turning off their phones or disconnecting from networks. The Wi-Fi router identification technique renders these assumptions obsolete. Strufe emphasized this vulnerability: “Thus, it does not matter whether you carry a WiFi device on you or not”. The system works because nearby wireless devices connected to the network—laptops, smart home devices, tablets—continuously exchange beamforming signals with the router, and these signals alone contain enough information to identify people in the vicinity.

The reliance on unencrypted beamforming feedback is the critical vulnerability. Unlike channel state information (CSI) used in earlier Wi-Fi-based identification research, which measured how signals changed after bouncing off surfaces, this new method taps into the normal communication stream between routers and connected devices. Because BFI is broadcast without encryption as part of standard Wi-Fi operation, anyone with a basic receiver can intercept it. This makes the attack far more practical than previous approaches that required specialized equipment or network access.

Testing and Real-World Implications

Researchers tested the identification system with 197 participants and reported nearly 100% accuracy. The system remained effective regardless of viewing angle or how participants walked, meaning the technique is robust to natural variations in human movement and position. This consistency suggests the method would work reliably in real homes and offices where people move unpredictably.

The practical implications are sobering. Any router in a building could theoretically be used to identify and track occupants without their knowledge or consent. An attacker would need only a laptop or smartphone capable of receiving Wi-Fi signals—ubiquitous hardware—and no special permissions or access. Unlike traditional surveillance cameras, which are visible and require installation, this method operates invisibly through the normal functioning of Wi-Fi networks. The fact that the technique works on standard routers already deployed globally means the vulnerability exists in millions of installations today.

Comparison to Earlier Wi-Fi Tracking Methods

Previous research into Wi-Fi-based human identification relied on analyzing channel state information or required expensive sensors and specialized equipment. Those approaches were impractical for widespread deployment because they demanded either network access or custom hardware. The new beamforming-based method eliminates these barriers by using signals that are already being transmitted constantly by ordinary routers. This represents a significant step toward making person identification through Wi-Fi a scalable, low-cost surveillance technique.

What Can Be Done About It

The research raises urgent questions about Wi-Fi security standards and whether router manufacturers should encrypt beamforming feedback information. Currently, BFI is transmitted unencrypted as part of the Wi-Fi specification, a design choice made when privacy concerns about signal analysis were not widely understood. Addressing the vulnerability would likely require changes to Wi-Fi standards themselves, a slow process in the technology industry. Until then, users have limited practical defenses—the signals are generated by devices on the network, not by the user’s own choices.

FAQ

Can turning off your phone prevent Wi-Fi router identification?

No. The system works by analyzing signals from all wireless devices on the network, not just the target person’s phone. Even if you turn off your device, other connected devices in the home or office generate enough signal activity for the system to identify you.

Does the person being identified need to be on the Wi-Fi network?

No. The technique requires no access to the target Wi-Fi network. An attacker only needs to be within range of the router to intercept the unencrypted beamforming signals.

Is this technique available as a commercial product?

The research is a demonstration by academic researchers, not a released commercial product. However, the use of standard Wi-Fi hardware means the technique could theoretically be deployed by anyone with basic technical knowledge once the method becomes public.

The emergence of Wi-Fi router identification as a practical surveillance technique exposes a fundamental blind spot in how we think about wireless privacy. We assume Wi-Fi is secure because we worry about password cracking and network access, but the real vulnerability lies in the unencrypted signals routers broadcast to optimize performance. Until manufacturers and standards bodies take action, billions of Wi-Fi routers worldwide remain potential tracking devices, silently revealing who is in a room without any indication they are doing so.

Edited by the All Things Geek team.

Source: Tom's Hardware

Share This Article
Tech writer at All Things Geek. Covers artificial intelligence, semiconductors, and computing hardware.