Using Wi-Fi to “see” behind closed doors is easier than anyone thought
Wi-Fi fills our world with radio waves. In your home, in the office, and increasingly on city streets, humans are bathed in a constant background field of 2.4- and 5-gigahertz radio signals. And when people move, they distort this field, reflecting and refracting the waves as they go.
That’s given more than one group of researchers an interesting idea. In theory, they say, it ought to be possible to use this changing electromagnetic field to work out the position, actions, and movement of individuals. Indeed, several groups have created imaging systems that use Wi-Fi to “see” through walls.
But all these systems have drawbacks. For example, they rely on knowing the exact position of the Wi-Fi transmitters involved and need to be logged in to the network so that they can send known signals back and forth.
That isn’t possible for the ordinary snooper or peeping tom, who might typically have access only to off-the-shelf Wi-Fi sniffers such as those built into smartphones. This kind of set-up is just too basic to reveal any useful detail about what goes on behind closed doors, other than the presence of the Wi-Fi network itself.
At least, that’s what everybody thought. Today that changes thanks to the work of Yanzi Zhu at the University of California, Santa Barbara, and colleagues. These guys have found a way to see through walls using ambient Wi-Fi signals and an ordinary smartphone.
They say the new technique allows an unprecedented invasion of privacy. “Bad actors using smartphones can localize and track individuals in their home or office from outside walls, by leveraging reflections of ambient Wi-Fi transmissions,” they say.
First some background. If humans were able to see the world as Wi-Fi does, it would seem a bizarre landscape. Doors and walls would be almost transparent, and almost every house and office would be illuminated from within by a bright light bulb—a Wi-Fi transmitter.
But despite the widespread transparency, this world would be hard to make sense of. That’s because walls, doors, furniture, and so on all reflect and bend this light as well as transmitting it. So any image would be impossibly smeared with confusing reflections.
But this needn’t be an issue if all you are interested in is the movement of people. Humans also reflect and distort this Wi-Fi light. The distortion, and the way it moves, would be clearly visible through Wi-Fi eyes, even though the other details would be smeared. This crazy Wi-Fi vision would clearly reveal whether anybody was behind a wall and, if so, whether the person was moving.
That’s the basis of Zhu and co’s Wi-Fi-based peeping tom. It looks for changes in an ordinary Wi-Fi signal that reveal the presence of humans.
The challenge is actually even harder than described, because Wi-Fi sniffers don’t produce an image at all. The data that Zhu and co use is just a measurement of the signal strength at a specific location. That doesn’t tell you anything about the location of the transmitter. And without knowing that, it’s impossible to say where any human that distorts the field would be.
So the first step in the researchers’ approach is to locate the Wi-Fi transmitter. They do this by measuring the change in the signal strength as they walk around outside the target building or room. Indeed, they have created an app that uses the smartphone’s built-in accelerometers to record this movement and then analyzes the change in signal strength as they move. In that way, it is possible to number-crunch the position of the transmitter, even in the presence of numerous reflections and distortions.
It is even possible to work out exactly where the transmitter sits inside a house, because floor plans of most homes and offices in the US are downloadable from places such as real estate websites.
The researchers say that by walking back and forth a few times outside a room or building, they can reliably locate the transmitter. “We found that consistency check across 4 rounds of measurements is sufficient to achieve room level localization of 92.6% accuracy on average,” they say.
Having done that, it’s just a question of waiting. Provided nothing moves inside the target building, the Wi-Fi signal will be constant. But any small movement changes the signal in a way that is straightforward to measure.
Zhu and co show how various movements change the signal in different ways. For example, opening a door changes the field in two adjacent rooms and thus is straightforward to spot. Walking around creates large distortions, and even an action like typing creates small changes that a smartphone Wi-Fi receiver can pick up.
The team go on to say that they have tested this approach using Nexus 5 and Nexus 6 Android smartphones to peer into 11 different offices and apartments that the team had permission to observe, many of which contained several Wi-Fi transmitters.
Additional transmitters improve the accuracy of the approach. “We see that with more than 2 Wi-Fi devices in a regular room, our attack can detect more than 99% of the user presence and movement in each room we have tested,” say the researchers.
It’s not hard to imagine how a malicious actor might use this to work out if a building was occupied or empty.
The team say there are various defenses against this type of attack, such as geofencing Wi-Fi signals, but these are difficult to implement and have limited effectiveness. The most promising form of defense seems to be adding noise to the signals; the researchers are hoping to develop this in more detail in future.
In the meantime, this work suggests that the mere presence of Wi-Fi signals is a significant risk to privacy. “While greatly improving our everyday life, [wireless transmissions] also unknowingly reveal information about ourselves and our actions,” say Zhu and co. For the moment, this risk has been largely overlooked. That will need to change quickly.
Ref: arxiv.org/abs/1810.10109 : Adversarial WiFi Sensing
How Rust went from a side project to the world’s most-loved programming language
For decades, coders wrote critical systems in C and C++. Now they turn to Rust.
Welcome to the oldest part of the metaverse
Ultima Online, which just turned 25, offers a lesson in the challenges of building virtual worlds.
A new paradigm for managing data
Open data lakehouse architectures speed insights and deliver self-service analytics capabilities.
Three ways networking services simplify network management
The right networking services orchestrate note-perfect network performance.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.