Previous work had already shown that channel state information (CSI) from WiFi signals can be used to identify people in a room but CSI is harder to obtain and needs specialised hardware and firmware.
| Photo Credit: Paul Hanaoka/Unsplash
Modern WiFi standards have a feature called beamforming that helps routers push signals more efficiently towards connected devices. To do this, phones and laptops regularly broadcast short reports describing how they ‘see’ the wireless channel. These reports are unencrypted and can be picked up by any other device in range.
Are these reports rich enough for someone to recognise who is moving through a room just from how their body disturbs the WiFi field? A new study by researchers at the Karlsruhe Institute of Technology in Germany has found the answer is ‘yes’.
Previous work had already shown that channel state information (CSI) from WiFi signals can be used to identify people in a room but CSI is harder to obtain and needs specialised hardware and firmware. Beamforming feedback information (BFI) is however available on off-the-shelf hardware. The authors thus treated BFI as a potentially more serious privacy risk and measured how far an attacker could go with it in a realistic setting.
They built a WiFi setup with two access points and four ‘listening’ perspectives, all operating in the 6 GHz band. They asked 197 volunteers to walk back and forth through the WiFi field normally, briskly, through a turnstile, and while carrying a backpack or a crate. The system recorded both BFI and CSI traces, which the team then fed into a relatively simple neural network that could learn patterns directly from the raw data.
Thus they found that BFI alone was strongly identifying. When the model was trained and tested on normal walks, it recognised more than 160 individuals with 99.5% accuracy. CSI, which has higher time resolution but is harder to obtain in practice, was less accurate on the same dataset.
The model also transferred reasonably well across walking styles: BFI could still identify people when they wore a backpack, carried a crate, walked faster or passed through a turnstile, although the performance dipped somewhat for more unusual motions. It also outperformed CSI.
Per the researchers, the results change how we should think about the privacy consequences of everyday WiFi use. They’ve shown that inferring one’s identity doesn’t necessarily require hacking firmware or networks but only a device within listening range. They don’t even need the WiFi password.
The ability is doubly insidious because BFI is produced by normal Wifi networks and, unlike CCTV cameras, doesn’t advertise its role in surveillance. People who might avoid visible cameras might still ignore access points mounted in ceilings or corners. In this sense, WiFi-based tracking can create an ‘inverse panopticon’ where individuals behave as if unobserved while being silently profiled.
Once a system can stably recognise individuals from their gait, any other WiFi-based task such as recognising activities or estimating occupancy can be linked to those identities. This makes the harm cumulative because activity and movement logs can be tied to the same person over time, even if their real-world name is not immediately known.
Finally, the researchers noted that current mitigation ideas like adding noise to training fields are immature, often require special hardware, and mainly target CSI instead of BFI.
Published – November 26, 2025 10:15 am IST