Wi-Fi Signals Used to Determine People’s Location and Movements Inside Buildings

University researchers in the US have built a system that allows them to monitor movements of people inside a building using only existing Wi-Fi signals without affecting the transmitted data.

The RF signals emitted in offices and homes undergo subtle changes based on their surroundings, whether it’s a stationary object or moving targets, such as people or pets. Researchers from the University of Chicago and the University of California, Santa Barbara have figured out a way to determine the position, moving speed, and the number of people in a room using only received Wi-Fi signals.

According to a SciTechDaily report, lead researchers call this type of data gathering a silent surveillance attack. It’s silent because the targets have no indication they are targeted. The quality of the Wi-Fi signal is not affected, and the attacker doesn’t decode packages. Everything is collected only from what’s emitted from the room.

“We show that just by sniffing existing Wi-Fi signals, an adversary can accurately detect and track movements of users inside a building,” reads the study. “This is made possible by our new signal model that links together human motion near Wi-Fi transmitters and variance of multipath signal propagation seen by the attacker’s sniffer outside of the property.”

The security problem is exacerbated by the exponential expansion of the Internet of Things infrastructure, as the researchers’ technique can gather data from any device using Wi-Fi signals to communicate.

An attacker using this method would only need a $20 Wi-Fi sniffer, and there is little to no defense. People wouldn’t know they are tracked, and notifications are not shown anywhere. As the Wi-Fi signal passes through walls with ease, one type of protection would be insulation, similar to a Faraday cage. The problem is that, if nothing goes out, then nothing comes in, which means that using a phone inside would be impossible.

The other solution proposed is access point signal obfuscation, a security feature that would create a lot of noise along with the regular Wi-Fi data, making any tracking impossible. A few hardware manufacturers are looking into implementing similar security features, but that’s a long way off. For the most part, if such an attack vector were employed today, defending against it would be impossible.

One comment

  • By Mike - Reply

    I call bs, the manufacturer’s can barely accurately track user movement using all the data fully available to aps, so someone with a wireless sniffer can somehow track movement without access to all the analytical data provided by the ap.

  • Add Comment

    Your email address will not be published. Required fields are marked *