Wi-Fi fills our world with radio waves. In your home, in the office, and increasingly on city streets, humans are bathed in a constant background field of 2.4- and 5-gigahertz radio signals. And when people move, they distort this field, reflecting and refracting the waves as they go.
That’s given more than one group of researchers an interesting idea. In theory, they say, it ought to be possible to use this changing electromagnetic field to work out the position, actions, and movement of individuals. Indeed, several groups have created imaging systems that use Wi-Fi to “see” through walls.
But all these systems have drawbacks. For example, they rely on knowing the exact position of the Wi-Fi transmitters involved and need to be logged in to the network so that they can send known signals back and forth.
That isn’t possible for the ordinary snooper or peeping tom, who might typically have access only to off-the-shelf Wi-Fi sniffers such as those built into smartphones. This kind of set-up is just too basic to reveal any useful detail about what goes on behind closed doors, other than the presence of the Wi-Fi network itself.
At least, that’s what everybody thought. Today that changes thanks to the work of Yanzi Zhu at the University of California, Santa Barbara, and colleagues. These guys have found a way to see through walls using ambient Wi-Fi signals and an ordinary smartphone.
They say the new technique allows an unprecedented invasion of privacy. “Bad actors using smartphones can localize and track individuals in their home or office from outside walls, by leveraging reflections of ambient Wi-Fi transmissions,” they say.
First some background. If humans were able to see the world as Wi-Fi does, it would seem a bizarre landscape. Doors and walls would be almost transparent, and almost every house and office would be illuminated from within by a bright light bulb—a Wi-Fi transmitter.
But despite the widespread transparency, this world would be hard to make sense of. That’s because walls, doors, furniture, and so on all reflect and bend this light as well as transmitting it. So any image would be impossibly smeared with confusing reflections.
But this needn’t be an issue if all you are interested in is the movement of people. Humans also reflect and distort this Wi-Fi light. The distortion, and the way it moves, would be clearly visible through Wi-Fi eyes, even though the other details would be smeared. This crazy Wi-Fi vision would clearly reveal whether anybody was behind a wall and, if so, whether the person was moving.
That’s the basis of Zhu and co’s Wi-Fi-based peeping tom. It looks for changes in an ordinary Wi-Fi signal that reveal the presence of humans.
The challenge is actually even harder than described, because Wi-Fi sniffers don’t produce an image at all. The data that Zhu and co use is just a measurement of the signal strength at a specific location. That doesn’t tell you anything about the location of the transmitter. And without knowing that, it’s impossible to say where any human that distorts the field would be.
So the first step in the researchers’ approach is to locate the Wi-Fi transmitter. They do this by measuring the change in the signal strength as they walk around outside the target building or room. Indeed, they have created an app that uses the smartphone’s built-in accelerometers to record this movement and then analyzes the change in signal strength as they move. In that way, it is possible to number-crunch the position of the transmitter, even in the presence of numerous reflections and distortions.
It is even possible to work out exactly where the transmitter sits inside a house, because floor plans of most homes and offices in the US are downloadable from places such as real estate websites.
The researchers say that by walking back and forth a few times outside a room or building, they can reliably locate the transmitter. “We found that consistency check across 4 rounds of measurements is sufficient to achieve room level localization of 92.6% accuracy on average,” they say.
Having done that, it’s just a question of waiting. Provided nothing moves inside the target building, the Wi-Fi signal will be constant. But any small movement changes the signal in a way that is straightforward to measure.
Zhu and co show how various movements change the signal in different ways. For example, opening a door changes the field in two adjacent rooms and thus is straightforward to spot. Walking around creates large distortions, and even an action like typing creates small changes that a smartphone Wi-Fi receiver can pick up.
The team go on to say that they have tested this approach using Nexus 5 and Nexus 6 Android smartphones to peer into 11 different offices and apartments that the team had permission to observe, many of which contained several Wi-Fi transmitters.
Additional transmitters improve the accuracy of the approach. “We see that with more than 2 Wi-Fi devices in a regular room, our attack can detect more than 99% of the user presence and movement in each room we have tested,” say the researchers.
It’s not hard to imagine how a malicious actor might use this to work out if a building was occupied or empty.
The team say there are various defenses against this type of attack, such as geofencing Wi-Fi signals, but these are difficult to implement and have limited effectiveness. The most promising form of defense seems to be adding noise to the signals; the researchers are hoping to develop this in more detail in future.
In the meantime, this work suggests that the mere presence of Wi-Fi signals is a significant risk to privacy. “While greatly improving our everyday life, [wireless transmissions] also unknowingly reveal information about ourselves and our actions,” say Zhu and co. For the moment, this risk has been largely overlooked. That will need to change quickly.
Ref: arxiv.org/abs/1810.10109 : Adversarial WiFi Sensing
The US military wants to understand the most important software on Earth
Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted
Corruption is sending shock waves through China’s chipmaking industry
The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.
The hacking industry faces the end of an era
But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.
Energy-hungry data centers are quietly moving into cities
Companies are pushing more server farms into the hearts of population centers.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.