Is Your Wi-Fi Router Watching You? New Research Exposes a Severe Privacy Vulnerability
Image credit to Tecnoic
When we think of home surveillance, we usually picture hidden cameras or compromised smart speakers. But new research out of Germany’s Karlsruhe Institute of Technology (KIT) reveals that the everyday Wi-Fi routers sitting in our living rooms possess a massive privacy vulnerability, one capable of identifying human bodies within their range with startling accuracy.
The study, recently highlighted by Gizmodo, demonstrates that machine learning algorithms can be used to identify individuals based entirely on Wi-Fi signals, achieving an accuracy rate of 99.5 percent. For an industry increasingly concerned with data privacy, the findings raise a crucial question: Is it time to rethink how we transmit data through our homes?
The Problem with Beamforming
To understand the vulnerability, we have to look at how modern routers work. The researchers exploited a process called beamforming feedback information (BFI). Older Wi-Fi routers used to broadcast signals indiscriminately, blanketing an entire area in coverage. Modern routers, however, use beamforming to focus their signals directly at connected devices, improving network speed and reliability.
While great for streaming and gaming, beamforming has a significant downside for privacy. To maintain this focused connection, devices must constantly send feedback to the router. As these radio waves travel back and forth, they bounce off physical objects in the real world, walls, furniture, pets, and people.
By analysing the gap between the clean signal the router expected to receive and the distorted feedback it actually gets, the KIT researchers were able to inadvertently map the physical characteristics of 161 individual participants. The AI system proved incredibly resilient; even when subjects tried to trick the system by changing their walking gait or carrying large objects like backpacks, the system still identified them with 50 to 60 percent accuracy.
As study coauthor Thorsten Strufe explained, “This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition.”
An Open Door for Bad Actors
Perhaps the most alarming detail of the KIT study is how easily this data can be exploited. The BFI data bouncing around your home is entirely unencrypted. Worse still, a bad actor doesn't even need to be connected to your Wi-Fi network to intercept it.
Because Wi-Fi relies on radio frequencies (RF) that easily penetrate walls and wood, someone sitting in an adjacent apartment or a car parked outside could passively gather this data.
Other Wi-Fi tracking methods exist, such as a system called "WhoFi" developed by the Sapienza University of Rome, which uses channel state information (CSI) to detect movement. Proponents of WhoFi argue it offers anonymity, detecting presence without identifying the person. The KIT team, however, aggressively pushed back against this framing.
“While there may be legitimate use-cases, we explicitly consider identity inference via Wi-Fi sensing a privacy attack,” the KIT researchers wrote. They emphasised the severe risks of ubiquitous networks that can monitor people through walls and without explicit consent.
The LiFi Advantage
For followers of LiFi (Light Fidelity) technology, this research perfectly illustrates the inherent security flaws of radio frequency networks.
As Wi-Fi sensing turns ubiquitous networking equipment into invisible surveillance tools, LiFi offers a fundamentally safer architecture. Because LiFi transmits data using light waves instead of radio waves, it is bound by a simple law of physics: light cannot penetrate opaque objects.
With LiFi, the data, and any potential environmental "sensing" data, is strictly confined to the room where the light source is located. A hacker outside your home cannot intercept your LiFi signal to steal your passwords, nor can they use it to map the physical bodies inside your house. While Wi-Fi bleeds through drywall into public spaces, LiFi keeps your digital and physical footprint securely behind closed doors.
What Comes Next?
The researchers at KIT did not mince words about the implications of their findings. They concluded that regulators and hardware manufacturers looking to standardise Wi-Fi sensing must “strongly consider adding effective privacy protection,” or otherwise “abandon beamforming entirely.”
As connected devices continue to make their way into millions of homes, the balance between convenience and privacy is faltering. Until Wi-Fi standards are overhauled to encrypt our physical environments, technologies like LiFi stand out not just as alternatives for faster internet, but as necessary shields for our personal privacy.
What is Wi-Fi Sensing?
Wi-Fi sensing is a technology that uses the radio frequency (RF) signals emitted by everyday Wi-Fi routers to detect and monitor the physical environment. When a router sends out a signal, that signal bounces off objects, walls, and human bodies before reaching a receiver. By analysing the distortions in these bouncing signals (specifically looking at "Channel State Information" or CSI), AI algorithms can map out the environment.
The research you linked demonstrates that these algorithms are now advanced enough to map dense 3D shapes of human bodies, track their movements, and even monitor breathing or heart rates, essentially using standard Wi-Fi routers to "see" people in the dark and through walls.
What does this mean from a Privacy and Cybersecurity point of view?
From a Privacy Perspective: The implications are massive. Traditional surveillance requires hidden cameras, which need to be physically installed and require a line of sight. Wi-Fi sensing turns ubiquitous, already-installed networking equipment into surveillance tools.
Through-wall tracking: Because Wi-Fi signals pass through drywall and wood, a router in one room (or even in an adjoining apartment) could potentially be used to monitor the activities of people in another room without their knowledge or consent.
Invisible surveillance: People cannot visually detect that they are being monitored since no cameras or lenses are involved.
From a Cybersecurity Perspective: This dramatically expands the "attack surface" of a home network.
Physical stalking via digital hacking: Currently, if a hacker compromises your router, they might steal your passwords, intercept your browsing data, or use your devices in a botnet. If routers actively map physical bodies, a cyberattack instantly becomes a physical surveillance attack. A remote hacker could know exactly when you are home, what room you are in, and whether you are sleeping or awake.
Data protection: Networking companies will now have to secure incredibly sensitive physical data (like biometric-level mapping of your household) that routers were never originally designed to handle.
Does this mean LiFi is more suitable and safer than Wi-Fi sensing?
From a strictly privacy and anti-surveillance standpoint, yes, LiFi is inherently safer.
Why LiFi is safer against sensing:
LiFi (Light Fidelity) uses light waves (visible, ultraviolet, or infrared) to transmit data instead of radio waves.
The fundamental law of light is that it cannot penetrate opaque objects like walls.
Because LiFi signals are confined to the room where the light source is located, the data, and any potential "sensing" capabilities derived from that light, cannot leak through walls. A neighbour or a hacker sitting in a car outside cannot intercept your LiFi signal or use it to map your body through the wall.
Caveat regarding suitability: While LiFi is much safer from remote physical eavesdropping, its inability to pass through walls makes it less practically "suitable" as a direct, whole-house replacement for Wi-Fi. You would need a LiFi transmitter in every single room, and blocking the light (like putting your phone under a blanket or walking behind a piece of furniture) can drop the connection. Therefore, while LiFi offers superior physical privacy, Wi-Fi remains infinitely more convenient for general connectivity.
Source: https://futurism.com/future-society/wifi-routers-scan-body-identify-research
