WiFi Can Spy On You

City dwellers spend nearly every moment of every day awash in Wi-Fi signals. Homes, streets, businesses and office buildings are constantly blasting wireless signals every which way for the benefit of nearby phones, tablets, laptops, wearables and other connected paraphernalia.

When those devices connect to a router, they send requests for information, a weather forecast, the latest sports scores, a news article, and, in turn, receive that data, all over the air. As it communicates with the devices, the router is also gathering information about how its signals are traveling through the air, and whether they’re being disrupted by obstacles or interference. With that data, the router can make small adjustments to communicate more reliably with the devices it’s connected to.

But it can also be used to monitor humans, and in surprisingly detailed ways.

As people move through a space with a Wi-Fi signal, their bodies affect it, absorbing some waves and reflecting others in various directions. By analyzing the exact way a Wi-Fi signal is altered when a human moves through it, researchers can “see” what someone writes with their finger in the air, identify a particular person by the way they walk, and even read a person’s lips with startling accuracy, in some cases even if a router isn’t in the same room as the person performing the actions.

Several recent experiments have focused on using Wi-Fi signals to identify people, either based on their body shape or the specific way they tend to move. Earlier this month, a group of computer-science researchers at Northwestern Polytechnic University in China posted a paper to an online archive of scientific research, detailing a system that can accurately identify humans as they walk through a door nine times out of 10.

The system must first be trained: It has to learn individuals’ body shapes so it can identify them later. After memorizing body shapes, the system, which the researchers named FreeSense, watches for people walking across its line of sight. If it’s told the next passerby will be one of two people, the system can correctly identify which it is 95 percent of the time. If it’s choosing between six people, it identifies the right one 89 percent of the time.

The researchers proposed using their technology in a smart-home setting: If the router senses one person’s entry into a room, it could communicate with other connected devices—lights, appliances, window shades—to customize the room to that person’s preferences.

FreeSense mirrored another Wi-Fi-based identification system a group of researchers from Australia and the U.K. presented at a conference earlier this year. Their system, Wi-Fi ID, focused on gait as a way to identify people from among a small group.

It achieved 93 percent accuracy when choosing among two people, and 77 percent when choosing from among six. Eventually, the researchers wrote, the system could become accurate enough it could sound an alarm if an unrecognized intruder entered.

Something in the way? No problem. A pair of MIT researchers wrote in 2013 they could use a router to detect the number of humans in a room and identify some basic arm gestures, even through a wall. They could tell how many people were in a room from behind a solid wooden door, a 6-inch hollow wall supported by steel beams, or an 8-inch concrete wall, and detect messages drawn in the air from a distance of five meters, but still in another room, with 100 percent accuracy.

Using more precise sensors, the same MIT researchers went on to develop systems that can distinguish between different people standing behind walls, and remotely monitor breathing and heart rates with 99 percent accuracy.

President Obama got a glimpse of the latter technology during last year’s White House Demo Day in the form of Emerald, a device geared toward elderly people that can detect physical activity and falls throughout an entire home. The device even tries to predict falls before they happen by monitoring a person’s movement patterns.

Beyond human identification and general gesture recognition, Wi-Fi signals can be used to discern even the slightest of movements with extreme precision.

A system called “WiKey” presented at a conference last year could tell what keys a user was pressing on a keyboard by monitoring minute finger movements. Once trained, WiKey could recognize a sentence as it was typed with 93.5 percent accuracy, all using nothing but a commercially available router and some custom code created by the researchers.

And a group of researchers led by a Berkeley Ph.D. student presented technology at a 2014 conference that could “hear” what people were saying by analyzing the distortions and reflections in Wi-Fi signals created by their moving mouths. The system could determine which words from a list of lip-readable vocabulary were being said with 91 percent accuracy when one person was speaking, and 74 percent accuracy when three people were speaking at the same time.

Many researchers presented their Wi-Fi sensing technology as a way to preserve privacy while still capturing important data. Instead of using cameras to monitor a space, recording and preserving everything that happens in detail, a router-based system could detect movements or actions without intruding too much, they said.

But as Wi-Fi “vision” evolves, it may become more adaptable and need less training. And if a hacker is able to gain access to a router and install a WiKey-like software package, or trick a user into connecting to a malicious router, he or she can try to eavesdrop on what’s being typed nearby without the user ever knowing.

Because all of these ideas piggyback on one of the most ubiquitous wireless signals, they’re ripe for wide distribution once they’re refined, without the need for any new or expensive equipment. Routers could soon keep kids and older adults safe, log daily activities, or make a smart home run more smoothly, but, if invaded by a malicious hacker, they could also be turned into incredibly sophisticated hubs for monitoring and surveillance.

NextGov

 

« Cybersecurity in Aviation
Cybercrime Isn't The Reason Why Cash Remains King »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security is a leading manufacturer of network security appliances for use in industrial environments.

Nethemba

Nethemba

Nethemba provide pentesting and security audits for networks and web applications. Other services include digital forensics, training and consultancy.

Protocol Policy Systems

Protocol Policy Systems

Protocol Policy Systems specialise in IT policy deployment and management systems that deliver compliance and secure computing environments.

Think Cyber Security (ThinkCyber)

Think Cyber Security (ThinkCyber)

ThinkCyber is a Tel Aviv-based Israeli company with a team of cybersecurity professionals who are experts in both information and operations technology.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Consortium for Information & Software Quality (CISQ)

Consortium for Information & Software Quality (CISQ)

The mission of CISQ is to develop international standards for software quality and to promote the development and sustainment of secure, reliable, and trustworthy software.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Inceptus

Inceptus

Inceptus is a next generation Managed Security Service Provider (MSSP). We are dedicated to keeping our customers safe, secure and protected while doing business on the Internet.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

Orca Technology

Orca Technology

Orca is a UK-based Managed Service Provider delivering end-to-end managed IT services, support, hosted desktop, cloud solutions and strategic guidance.

Anthropic

Anthropic

Anthropic is a Public Benefit Corporation, whose purpose is the responsible development and maintenance of advanced AI for the long-term benefit of humanity.

EK3 Technologies

EK3 Technologies

EK3 Technologies mission is to provide comprehensive cybersecurity and IT solutions that allow our clients to focus on sustaining their business.