These aren’t welcome findings, because almost every home in America has a Wi-Fi router. Theoretically, once you have been ID’d by your personal router (if it has built-in beam forming technology), other similar Wi-Fi signals anywhere in the world could “see” you passing by. This is the type of tech that could be added to your biometric profile as a fail-safe ID that can’t be spoofed. Cameras might see your face to ID you, but you cannot hide from Wi-Fi. ⁃ Patrick Wood, Editor.
If you were paranoid about digital tracking before, you might want to think twice about reading any further.
New research out of Germany’s Karlsruhe Institute of Technology found that the types of Wi-Fi routers we all have in our homes come with a major privacy vulnerability that can be used to identify any human body that comes within their range.
The study, flagged by Gizmodo, used machine learning systems to identify individuals with an accuracy rate of 99.5 percent. To do so, the researchers exploited a vulnerability in a process known as beamforming feedback information (BFI), which was introduced to allow routers to focus Wi-Fi signals on connected devices, as opposed to the older approach, which is to blanket an entire area in coverage.
While BFI is great for network connectivity, it has a major downsides for privacy. For starters, devices connected to a router using beamforming need to send constant feedback in order to be found. As routers send out and receive network feedback, the signal is inevitably impacted by real world factors like pets, walls, and people.
That gap, between the signals routers expect to receive and the distorted feedback they actually get, allowed researchers to extrapolate the identities of 161 individual participants based on BFI data which inadvertently mapped their physical characteristics. Even when individuals changed their gait or carried objects like backpacks and crates, the system registered an accuracy rate between 50 to 60 percent, the KIT team wrote.
“This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition,” study coauthors Thorsten Strufe said in a press release.
Making matters worse is the fact that this data is basically wide open for anyone to grab — not only is that feedback data unencrypted, it can also be accessed without ever connecting directly to the router.
“We have shown robust identity inference with common-of-the-shelf hardware which is already in widespread adoption in many homes and public areas,” the team wrote in their paper. “With this hardware making its way into millions of homes, the privacy concerns are severe.”
The KIT findings contrast to other Wi-Fi tracking systems, like one developed by researchers at the Sapienza University of Rome. That method, called “WhoFi,” uses channel state information, which is much harder to access on consumer hardware, but can still identify people through walls with an alarmingly high accuracy rate.
That WhoFi study made a point to highlight the anonymity factor: the idea that the sensing system can detect people’s presence, but not identify them. The KIT team refutes that framing outright, arguing that Wi-Fi-sensing technology poses major privacy risks regardless.
“While there maybe legitimate use-cases, we explicitly consider identity inference via Wi-Fi sensing a privacy attack,” they write. “This view reflects the serious risks associated with the ubiquity of Wi-Fi networks, their ability to sense through walls and in non-line-of-sight scenarios, and the fact that this would likely happen without explicit consent.”
While more research will be needed, the researchers don’t mince words about the implications of their initial findings. In their conclusion, the KIT team writes that regulators and companies moving to standardize Wi-Fi sensing should “strongly consider adding effective privacy protection,” or else “abandon beamforming entirely.”
Read full story here…
Login
