WiFi Can Spy On You

City dwellers spend nearly every moment of every day awash in Wi-Fi signals. Homes, streets, businesses and office buildings are constantly blasting wireless signals every which way for the benefit of nearby phones, tablets, laptops, wearables and other connected paraphernalia.

When those devices connect to a router, they send requests for information, a weather forecast, the latest sports scores, a news article, and, in turn, receive that data, all over the air. As it communicates with the devices, the router is also gathering information about how its signals are traveling through the air, and whether they’re being disrupted by obstacles or interference. With that data, the router can make small adjustments to communicate more reliably with the devices it’s connected to.

But it can also be used to monitor humans, and in surprisingly detailed ways.

As people move through a space with a Wi-Fi signal, their bodies affect it, absorbing some waves and reflecting others in various directions. By analyzing the exact way a Wi-Fi signal is altered when a human moves through it, researchers can “see” what someone writes with their finger in the air, identify a particular person by the way they walk, and even read a person’s lips with startling accuracy, in some cases even if a router isn’t in the same room as the person performing the actions.

Several recent experiments have focused on using Wi-Fi signals to identify people, either based on their body shape or the specific way they tend to move. Earlier this month, a group of computer-science researchers at Northwestern Polytechnic University in China posted a paper to an online archive of scientific research, detailing a system that can accurately identify humans as they walk through a door nine times out of 10.

The system must first be trained: It has to learn individuals’ body shapes so it can identify them later. After memorizing body shapes, the system, which the researchers named FreeSense, watches for people walking across its line of sight. If it’s told the next passerby will be one of two people, the system can correctly identify which it is 95 percent of the time. If it’s choosing between six people, it identifies the right one 89 percent of the time.

The researchers proposed using their technology in a smart-home setting: If the router senses one person’s entry into a room, it could communicate with other connected devices—lights, appliances, window shades—to customize the room to that person’s preferences.

FreeSense mirrored another Wi-Fi-based identification system a group of researchers from Australia and the U.K. presented at a conference earlier this year. Their system, Wi-Fi ID, focused on gait as a way to identify people from among a small group.

It achieved 93 percent accuracy when choosing among two people, and 77 percent when choosing from among six. Eventually, the researchers wrote, the system could become accurate enough it could sound an alarm if an unrecognized intruder entered.

Something in the way? No problem. A pair of MIT researchers wrote in 2013 they could use a router to detect the number of humans in a room and identify some basic arm gestures, even through a wall. They could tell how many people were in a room from behind a solid wooden door, a 6-inch hollow wall supported by steel beams, or an 8-inch concrete wall, and detect messages drawn in the air from a distance of five meters, but still in another room, with 100 percent accuracy.

Using more precise sensors, the same MIT researchers went on to develop systems that can distinguish between different people standing behind walls, and remotely monitor breathing and heart rates with 99 percent accuracy.

President Obama got a glimpse of the latter technology during last year’s White House Demo Day in the form of Emerald, a device geared toward elderly people that can detect physical activity and falls throughout an entire home. The device even tries to predict falls before they happen by monitoring a person’s movement patterns.

Beyond human identification and general gesture recognition, Wi-Fi signals can be used to discern even the slightest of movements with extreme precision.

A system called “WiKey” presented at a conference last year could tell what keys a user was pressing on a keyboard by monitoring minute finger movements. Once trained, WiKey could recognize a sentence as it was typed with 93.5 percent accuracy, all using nothing but a commercially available router and some custom code created by the researchers.

And a group of researchers led by a Berkeley Ph.D. student presented technology at a 2014 conference that could “hear” what people were saying by analyzing the distortions and reflections in Wi-Fi signals created by their moving mouths. The system could determine which words from a list of lip-readable vocabulary were being said with 91 percent accuracy when one person was speaking, and 74 percent accuracy when three people were speaking at the same time.

Many researchers presented their Wi-Fi sensing technology as a way to preserve privacy while still capturing important data. Instead of using cameras to monitor a space, recording and preserving everything that happens in detail, a router-based system could detect movements or actions without intruding too much, they said.

But as Wi-Fi “vision” evolves, it may become more adaptable and need less training. And if a hacker is able to gain access to a router and install a WiKey-like software package, or trick a user into connecting to a malicious router, he or she can try to eavesdrop on what’s being typed nearby without the user ever knowing.

Because all of these ideas piggyback on one of the most ubiquitous wireless signals, they’re ripe for wide distribution once they’re refined, without the need for any new or expensive equipment. Routers could soon keep kids and older adults safe, log daily activities, or make a smart home run more smoothly, but, if invaded by a malicious hacker, they could also be turned into incredibly sophisticated hubs for monitoring and surveillance.

NextGov

 

« Cybersecurity in Aviation
Cybercrime Isn't The Reason Why Cash Remains King »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Zscaler

Zscaler

Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

TUV Sud

TUV Sud

TÜV SÜD is one of the world's leading technical service organisations. Services offered include industrial cyber security.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

Pryv

Pryv

Pryv is a Swissmade software for privacy, personal data collection, usage, sharing and storage.

itbox.online

itbox.online

Itbox.online offers IT solutions to ensure that your company's technologies are always available and secure as your business demands.

S2S Group

S2S Group

S2S Group specialise in the destruction and management of IT assets at the end of the lifecycle.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

PixelPlex

PixelPlex

PixelPlex is a blockchain and custom software development company with offices and developers in New York, Geneva, and Seoul.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Think|Stack

Think|Stack

Think|Stack is a managed IT services company specializing in cloud and cybersecurity with human-centered design.

UK Cyber Cluster Collaboration (UKC3)

UK Cyber Cluster Collaboration (UKC3)

UKC3 has been launched to support Cyber Clusters and encourage greater collaboration across regions and nations of the UK.