Researchers have shown that it is possible to transform any modern Wi-Fi network into a passive detection system, capable of drawing an image of a person passing nearby – even if they are not connected to anything, without a smartphone or laptop on them. All it takes is for the radio waves emitted by the router to reflect on its body and the disturbances in the signal make it possible to reconstruct a sort of “silhouette” in the radio spectrum, which can be used to follow it wherever there is Wi-Fi, summarizes Popular Mechanics.
At the heart of this new threat: “beamforming feedback information” (BFI) or spatial filtering, a mechanism introduced with Wi-Fi 5 to improve connection quality. When a device (smartphone, computer) is connected to a network, it constantly sends information back to the router on how it receives the signal, so that the latter can better direct its beams. Problem: this information is transmitted… in plain text. “As the BFI is transmitted unencrypted over the air, no specialized hardware with custom firmware is required to record it”warn Julian Todt, Felix Morsbach and Thorsten Strufe of the KASTEL Security Research Labs in Karlsruhe, Germany.
In a study presented at the CCS 2025 security conference, the three researchers describe what is the first identity inference attack based on this kind of data. The principle: compare the actual BFI to what would be expected in an empty environment, then use the difference to reconstruct what disturbs the waves – walls, furniture, but also moving human bodies. By training a machine learning model on these “radio fingerprints”the attack manages to identify individuals with an accuracy of up to 99.5%.
A new era of surveillance?
This approach goes further than previous work based on “channel state information” (CSI), another low layer of Wi-Fi that describes how the signal distorts as it passes through space. Until now, operating the CSI required specific hardware and drivers, which limited the risks. The BFI is generated by design in Wi-Fi 5 and 6, and available on consumer equipment.
The implications go beyond the simple identification of human presence. By carefully analyzing interference, an ill-intentioned person can record your movements in a home, your posture, certain activities and, ultimately, spy on your every move – without you ever having turned on the Wi-Fi on your phone. In a neighborhood surveillance scenario, a neighbor could continuously monitor the occupancy of surrounding apartments; on the scale of an authoritarian regime, this technology could be used to follow demonstrators and opponents, without cookies, trackers nor surveillance cameras.
Countermeasures exist on paper: software scrambling of BFI packets, addition of random noise, filtering or partial encryption. But most remain experimental and degrade the quality of service expected by operators and customers. This is the whole dilemma: the more precise and “intelligent” Wi-Fi becomes in optimizing our connections and detecting what is happening in space, the more information it accumulates that can be used for invisible surveillance purposes.
For the moment, it is impossible to disable BFI on the majority of consumer routers. The user has little choice but to trust the manufacturers and the wi-fi ecosystem. Researchers are therefore calling for a public debate before these capabilities become commonplace in millions of homes.
