New research warns that attackers, public authorities, and companies can now turn every router “into a potential means for surveillance” with “almost 100% accuracy.”
Researchers at the Karlsruhe Institute of Technology (KIT) in Germany recently conducted a study and discovered that ordinary WiFi networks can identify people using something called beamforming feedback information (BFI) and machine learning models. Beamforming, the researchers explain, was introduced in WiFi 5, and requires clients to broadcast observations of their channel characteristics.
“If you pass by a cafe that operates a WiFi network, you can be identified – even if you do not carry a cell phone with you,” the researchers stated in a press release.
Calling it “a significant risk to privacy,” the researchers revealed that “it is unnecessary for the persons to carry any devices on them, nor is any specific hardware needed to identify people present in the range of the WLAN. It takes nothing but WiFi devices communicating with each other in the person’s surroundings.” They also pointed out that switching off your device does not help.
“This technology turns every router into a potential means for surveillance,” warns Julian Todt from KASTEL – KIT’s Institute of Information Security and Dependability. He says this information means a person can “be identified there without noticing it and be recognized later – for example by public authorities or companies.”
The study, which involved 197 participants, inferred their identity “with almost 100% accuracy – independently of the perspective or their gait.”
“The technology is powerful, but at the same time entails risks to our fundamental rights, especially to privacy,” said KASTEL Professor Thorsten Strufe.
Due to the results of the study, the researchers are now “urgently” calling for protective measures and privacy safeguards in the forthcoming IEEE 802.11bf WiFi standard.