WiFi Can Spy On You

City dwellers spend nearly every moment of every day awash in Wi-Fi signals. Homes, streets, businesses and office buildings are constantly blasting wireless signals every which way for the benefit of nearby phones, tablets, laptops, wearables and other connected paraphernalia.

When those devices connect to a router, they send requests for information, a weather forecast, the latest sports scores, a news article, and, in turn, receive that data, all over the air. As it communicates with the devices, the router is also gathering information about how its signals are traveling through the air, and whether they’re being disrupted by obstacles or interference. With that data, the router can make small adjustments to communicate more reliably with the devices it’s connected to.

But it can also be used to monitor humans, and in surprisingly detailed ways.

As people move through a space with a Wi-Fi signal, their bodies affect it, absorbing some waves and reflecting others in various directions. By analyzing the exact way a Wi-Fi signal is altered when a human moves through it, researchers can “see” what someone writes with their finger in the air, identify a particular person by the way they walk, and even read a person’s lips with startling accuracy, in some cases even if a router isn’t in the same room as the person performing the actions.

Several recent experiments have focused on using Wi-Fi signals to identify people, either based on their body shape or the specific way they tend to move. Earlier this month, a group of computer-science researchers at Northwestern Polytechnic University in China posted a paper to an online archive of scientific research, detailing a system that can accurately identify humans as they walk through a door nine times out of 10.

The system must first be trained: It has to learn individuals’ body shapes so it can identify them later. After memorizing body shapes, the system, which the researchers named FreeSense, watches for people walking across its line of sight. If it’s told the next passerby will be one of two people, the system can correctly identify which it is 95 percent of the time. If it’s choosing between six people, it identifies the right one 89 percent of the time.

The researchers proposed using their technology in a smart-home setting: If the router senses one person’s entry into a room, it could communicate with other connected devices—lights, appliances, window shades—to customize the room to that person’s preferences.

FreeSense mirrored another Wi-Fi-based identification system a group of researchers from Australia and the U.K. presented at a conference earlier this year. Their system, Wi-Fi ID, focused on gait as a way to identify people from among a small group.

It achieved 93 percent accuracy when choosing among two people, and 77 percent when choosing from among six. Eventually, the researchers wrote, the system could become accurate enough it could sound an alarm if an unrecognized intruder entered.

Something in the way? No problem. A pair of MIT researchers wrote in 2013 they could use a router to detect the number of humans in a room and identify some basic arm gestures, even through a wall. They could tell how many people were in a room from behind a solid wooden door, a 6-inch hollow wall supported by steel beams, or an 8-inch concrete wall, and detect messages drawn in the air from a distance of five meters, but still in another room, with 100 percent accuracy.

Using more precise sensors, the same MIT researchers went on to develop systems that can distinguish between different people standing behind walls, and remotely monitor breathing and heart rates with 99 percent accuracy.

President Obama got a glimpse of the latter technology during last year’s White House Demo Day in the form of Emerald, a device geared toward elderly people that can detect physical activity and falls throughout an entire home. The device even tries to predict falls before they happen by monitoring a person’s movement patterns.

Beyond human identification and general gesture recognition, Wi-Fi signals can be used to discern even the slightest of movements with extreme precision.

A system called “WiKey” presented at a conference last year could tell what keys a user was pressing on a keyboard by monitoring minute finger movements. Once trained, WiKey could recognize a sentence as it was typed with 93.5 percent accuracy, all using nothing but a commercially available router and some custom code created by the researchers.

And a group of researchers led by a Berkeley Ph.D. student presented technology at a 2014 conference that could “hear” what people were saying by analyzing the distortions and reflections in Wi-Fi signals created by their moving mouths. The system could determine which words from a list of lip-readable vocabulary were being said with 91 percent accuracy when one person was speaking, and 74 percent accuracy when three people were speaking at the same time.

Many researchers presented their Wi-Fi sensing technology as a way to preserve privacy while still capturing important data. Instead of using cameras to monitor a space, recording and preserving everything that happens in detail, a router-based system could detect movements or actions without intruding too much, they said.

But as Wi-Fi “vision” evolves, it may become more adaptable and need less training. And if a hacker is able to gain access to a router and install a WiKey-like software package, or trick a user into connecting to a malicious router, he or she can try to eavesdrop on what’s being typed nearby without the user ever knowing.

Because all of these ideas piggyback on one of the most ubiquitous wireless signals, they’re ripe for wide distribution once they’re refined, without the need for any new or expensive equipment. Routers could soon keep kids and older adults safe, log daily activities, or make a smart home run more smoothly, but, if invaded by a malicious hacker, they could also be turned into incredibly sophisticated hubs for monitoring and surveillance.

NextGov

 

« Cybersecurity in Aviation
Cybercrime Isn't The Reason Why Cash Remains King »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

Quantstamp

Quantstamp

Quantstamp are experts in Smart Contract Security Audits. We provide verification that your decentralized system works as intended.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

Belcan

Belcan

Belcan is a global supplier of engineering, manufacturing & supply chain, workforce and government IT solutions to customers in the aerospace, defense, automotive, industrial, and private sector.

Blumira

Blumira

Blumira provides comprehensive, hybrid cloud security monitoring and reporting for organizations of all sizes, enabling them to detect and respond to cloud security threats quickly and effectively.

Outsource Group

Outsource Group

Outsource Group is an award winning Cyber Security and IT Managed Services group working with a range of SME/Enterprise customers across the UK, Ireland and internationally.

Green Radar

Green Radar

Green Radar is a next generation cybersecurity company which combines technologies and services together to deliver Threat Detection for Emails and Deep Threat Analytics and Response.