Researchers warn of 'privacy attack' as common home Wi-Fi routers can identify your body through walls

Your home Wi-Fi router may be doing more than keeping your devices connected. 

Researchers warn that common routers could also be used to identify nearby people, even through walls.

What happened?

Researchers at Germany's Karlsruhe Institute of Technology examined beamforming feedback information, or BFI, a type of data used by many modern Wi-Fi routers. 

Using machine learning, they said they could turn that information into a way of identifying people with 99.5% accuracy, a result that points to a major privacy risk, Futurism reported.

Beamforming was originally designed to improve internet performance by directing Wi-Fi signals more precisely to connected devices, rather than broadcasting coverage evenly across a space. But that added convenience appears to come with a serious downside.

The study involved 161 participants, and the method relied on how Wi-Fi signals are affected by walls, furniture, pets, and human bodies. 

By comparing expected signal patterns with the actual data the router received, the researchers said they were able to distinguish individuals. Even when participants changed the way they walked or carried items such as backpacks or crates, the system still identified them with 50% to 60% accuracy.

"This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition," study co-author Thorsten Strufe said in a press release.

Why does it matter?

A key concern is that the feedback data may be exposed. The researchers said it is not encrypted and may be accessible without a direct connection to the router, suggesting someone might not need physical access to the network to exploit it.

Consumer tech companies and standards bodies have introduced increasingly sophisticated Wi-Fi features without adding stronger privacy protections. 

Faster, smarter connectivity is often marketed as a benefit, but consumers are typically not told that the same hardware may also be capable of sensing and identifying them in their homes.

The researchers were blunt about the scale of the threat. "We have shown robust identity inference with common-of-the-shelf hardware which is already in widespread adoption in many homes and public areas," the team wrote in its paper. 

"With this hardware making its way into millions of homes, the privacy concerns are severe."

The KIT team argued that identity can also be inferred, making claims of anonymity far less reassuring than they may sound.

What's being done?

Although the team said more research is needed, it also argued that privacy protections should not be postponed while regulators and companies continue shaping Wi-Fi sensing standards.

The researchers rejected the notion that this is merely an interesting technical possibility. "While there maybe legitimate use-cases, we explicitly consider identity inference via Wi-Fi sensing a privacy attack," they wrote. 

"This view reflects the serious risks associated with the ubiquity of Wi-Fi networks, their ability to sense through walls and in non-line-of-sight scenarios, and the fact that this would likely happen without explicit consent."

The immediate options appear limited because the issue is tied to hardware and protocol design rather than a single app setting.

Any broader fix will likely have to come from manufacturers, standards groups, and regulators who are willing to put privacy ahead of convenience and marketing claims.

The researchers did not soften their recommendation. Companies should "strongly consider adding effective privacy protection," they wrote, or else "abandon beamforming entirely."

Get TCD's free newsletters for easy tips, smart advice, and a chance to earn $5,000 toward home upgrades. To see more stories like this one, change your Google preferences here.