Identifying People Using Wi-Fi Routers

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals.

This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or absorbed. By analyzing how the signal is expected to behave compared with how it is actually received, researchers can infer details about the surrounding environment.

“By observing the propagation of radio waves, we can create an image of the surroundings and of persons who are present,” said Thorsten Strufe, a KIT professor and study co-author, in a press release. “This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition.”

Tags: , , ,

Posted on May 26, 2026 at 11:02 AM20 Comments

Comments

Clive Robinson May 26, 2026 12:31 PM

@ ALL,

Sensing people and how they move with any EM signal above a couple of GHz is not exactly new.

Back in the 1980’s when involved with Pirate Radio, we realised that the UK Authorities (still Home Office back then) when trying to “direction find” the studio link gave away the fact they were in the area due to the way the DF antenna was rotated thus some stations would just “switch studio”.

The problem with getting an “image” has always been “resolution”.

In theory you can work to about 1/16th of a wavelength so 2.5GHz WiFi has a wavelength of 300/2500 meters or 12cm so the resolution is at best a little less than 1cm quite close in (ie a couple of meters).

To give you an idea of how bad that is the average human eye can see 1mm at 2000mm… Some people like Australian Aboriginals are known to have a lot better vision.

Yes there are tricks you can do that effectively use multiple paths but things start getting a little interesting.

Clive Robinson May 26, 2026 1:05 PM

@ ALL,

To understand what modern WiFi can give in terms of “tricks” imagine a dark room with many flashing EM sources and lots of receivers that act as sensors.

The sensors do not give range or bearing information, but do report “Received Signal Strength” by broadcasting it in plain text back to the WiFi base unit. Which as it’s a broadcast means any passive unot in range will get the equivalent of many multiple beams information.

This information can be deconvolved and the effect is to receive many imprecise range indicators.

Get enough even poor range information and you can effectively average it up. Thus you get a more precise image.

Read the paper for the nitty gritty of this.

But remember the paper is not so much a technical rabbit hole dive, as opposed to a Big Red Flag waving excercise.

The information being used is publicly available because,

“It’s not encrypted”

And the authors quite rightly feel it should be.

Zaphod May 26, 2026 1:43 PM

Too late but was about to mention that (as often) Clive has excellent insight into this topic and I was looking forward to his comments. Others too of course.

Z

Weather May 26, 2026 2:12 PM

@All

A electric field, which a Rf source is most dominant in ,in close proximity to a antenna, has a time variable but is deffinrial based on distance.

If you have a signal, a voltage will max be produced at X distance, changing the frequency, changes the distance.

Theres E and M and EM(rf) ,take a 1m2 metal plate as a antenna and scan the frequency range looking for peaks, the peaks will be distance based on 1^4 .

lurker May 26, 2026 3:07 PM

This should have been expected by anyone who watches StarTrek. But note that even ST devices could only distinguish human or non-human lifeforms, and required the target to carry some tracking device for more precise identification.

Moving animals (or vegetables) will cause disturbances in a complex RF field. As @Clive said
“This information can be deconvolved”
which requires some computing power whether using previous CSI methods or the present BFI. This new method uses a “machine learning model”, and hijacks some of the computing power in the router-device pairing. Note that increasing the computing strength of machines and algorithms, and reducing their physical size and power consumption, is a work in progress that has only been going on for eighty years so far.

This BFI method avoids having to do some of the math involved in previous CSI analyses. Encrypting the information will only force them to hone their algorithms and buy a bigger computer. You cannot hide.

Kevin May 27, 2026 1:36 AM

The technology IDs people by their WALKING STYLE – the way they move.

It states 82% accuracy among 200 people – so pretty good – but I’d like to see how that scales – I’d guess it gets worse with 1000+ people.

mw May 27, 2026 1:40 AM

No surprise. This technology is used since WW II. It is called RADAR. But the spy must have control over the access point.

Rontea May 27, 2026 9:35 AM

This research is a sobering reminder that surveillance capabilities often emerge from the most mundane technologies. WiFi networks are so ubiquitous that we rarely consider them a privacy threat—but as the Karlsruhe team shows, they can act as a passive sensor network capable of identifying individuals, even those who carry no devices.

This is precisely the kind of technology that slips under the radar—quiet, invisible, and easy to deploy without the public noticing. It requires no specialized hardware and leverages existing network behavior. That combination makes it particularly attractive to both governments and malicious actors.

We need to recognize that privacy threats don’t always come from traditional cameras or explicit tracking devices. Radio-based sensing like this is another vector for mass surveillance, and it underscores why we must bake privacy protections into standards and protocols—before they’re widely adopted, not after. Otherwise, every coffee shop router becomes a silent witness.

Clive Robinson May 27, 2026 11:36 AM

@ Rontea, ALL,

With regards,

“Otherwise, every coffee shop router becomes a silent witness.”

Not just the WiFi, but importantly the epos sustem that knows your credit card number.

The problem with the WiFi sensor network is that it has no idea what body shape and movements belong to whom.

Thus whilst it can link your movements at all times regardless of if you are in their database or not, it can not link to your identity.

The increasing use of payments cards makes the linking of the vague bio-metrics to an identity.

It’s why I only use cash and tell others likewise.

Worse though, in times past your credit card had to be “swiped by the epos” machine, thus if you kept it in your pocket you used to be relatively safe.

Now that does not exist any longer. Most payment xards are moving across to RF based systems such as “tap and go” which leak information whilst in your pocket.

But also the use of RFID tags are on the increase in peoples cloaths as part of “anti-theft” and “theft-recovery” systems. So your shoes, jacket, wallet/purse/handbag belt and even under clothes are now getting “unique identifiers”.

If you purchased an item using a payment card it traces back directly to you via “third party business records” that require no oversight or warrant as they do not have 4th Amendment or any other kind of legal protection (in fact the opposite).

But even if you always payed cash, these unique identifiers when linked together in effect for a “primary key” that is unique to you as an individual.

Worse if the item was a present they can leak back to your family, loved ones and friends.

So even a “naff pair of socks for xmass” can give rise to your identity becoming known…

In the past I’ve found on testing that the RFIDs of back then did not like spending a few seconds in the microwave oven…

Unfortunately some materials like leather do not like microwave energy either thus items like wallets and shoes can be damaged.

Contrary to what is shown in visual entertainment finding RFIDs in items including your pets is actually not as easy as they make it out to be.

In the past I’ve designed anti-surveillance equipment to find RFIDs even those that are “non standard” thus use different frequencies and time delays to hide their presence.

It’s why I’ve advised people how to use “network analysers” as the equivalent of “Grid Dip Oscillators”(GDOs) to find the RFID antenna/tuned circuit they are powered by.

As I’ve mentioned before with passports, it really does not matter if the RFID is data encrypted… Because the “start-up” of the device picked up by the GDO can identify not just the device manufacturer, the chip type used, and in some cases the “chip stepping”. Thus easily identifying the country from which the passport was issued and approximately when.

The further and faster we move into this “technological future” the easier it will be to link all your “data points together” and it will almost certainly become “normal” within a decade unless very strong legislation is put in place with effective over sight with no “loop throughs”.

One such “loop through” is if you use a VPN the authorities claim it makes you indistinguishable from a Foreigner thus not covered by “protective legislation”. Thus other legislation like the Patriot Act and FISA allow all VPN traffic to be recorded, and you can safely assume it is at all times. Likewise Tor and mixnets even low power very limited range such as LoRa, WiFi, Bluetooth, and similar. The logic argued is that the authorities can not see the traffic from end to end thus can not say that foreign traffic is not being carried either directly or indirectly by rebroadcast etc thus FISA etc applies.

Clive Robinson May 27, 2026 2:57 PM

@ Zaphod, fib,

Glad to see you are still reading along, hope you are well etc.

I won’t say too much as I don’t want things modded as has happened before.

Clive Robinson May 27, 2026 8:31 PM

@ Bruce, ALL,

It’s not just WiFi that can see the 5G etc do as well

As I and others noted above it’s not just WiFi that can act like a flash bulb to image the surroundings.

Rather than me go through it with lots of words, you could watch the YouTube video from a couple of months back,

https://m.youtube.com/watch?v=0OdR8rRMz3I

The presenter makes a couple of mistakes from talking to fast and also a couple of over broad assumptions. But the overall presentation gives an easy overview with “pictures” 😉

But… It does not cover the inevitable question of “external source surveillance”…

Approximately WiFi is good to 1000ft depending on the environment. In the US most homes are shoddily built with external walls having little or no mass. It’s so bad with some modern houses that to EM signals the walls are in effect nearly transparent thus your neighbours WiFi goes through your home and probably the home on the other side of you and maybe a half dozen or so more homes. As an old rule of thumb US housing plots were ~100ft by ~100ft. A single WiFi base could cover a 10 plot radius or ~20x20x7/9 ~=310 plot equivalent (say half that number of homes when you include access roads).

The system the paper describes however does not listen to the “WiFi Base” signal but the “WiFi Devices” replies. There might only be a couple or none of those at any given time…

Older houses used to be made of higher mass materials to “store the heat” not all of these are EM transparent and quite modern homes may well use aluminium foil covered expanded plastic foam. Whilst the plastic foam is EM transparent to WiFi and 5G signals, the aluminium foil is not as it acts like a mirror and reflects quite a bit of the EM signals, and creating lots of “multipath” thus reducing accuracy if the WiFi devices being listened to are outside the external walls.

But this may not matter, as stationary objects can be “averaged out” with only moving objects giving dynamic ranging information.

V. Serge May 28, 2026 1:07 PM

This is as old as holography, now we have a coherent source.

Use Cat7 as ethernet, or
Fiber (even better) instead of wireless.

Use mylar as building envelope vapor barrier?

I have been erased by 9/11 terror frantisy.

I predicted 9/11 weeks early. What do I know.

I have a 24/7/365 squad of babysitters permanently assigned to stalk me, etc.

I have been a canadian all my life. Im a senior citizen.

Thanks much Mr. Schneier.

  • With loving sincerity – Lee Harvey Oswald

PS, the library has entirely blocked tor now,
even tho I stopped my OTP stress testing.

“the honor of kings is to search out a matter”

lurker May 29, 2026 1:11 AM

@V. Serge

Ah, the Library, that place where knowledge cannot be free, but must be locked away in sacred books. My library has blocked IMAP email, Thunderbird no longer works. I suspect it was an accident of ignorance: I can still buy apps from F-Droid, but can’t update my phone’s OS …

Radar Lab May 29, 2026 11:23 AM

In the 1970s I was a temporary worker in a (classified) radar lab.
Quite apart from the mission of the lab (developing new forms of radar), one of the researchers discussed with me his thought experiment of sensing people by sensing the microwaves their warm bodies emit. That was not possible with the technology then, with the technology now it may be.
That’s quite different than what the article describes, because sensing emitted microwaves does not require illumination by some signal such as wifi.

Radar Lab June 2, 2026 9:56 AM

lurker,

The thought experiment of the researcher involves microwaves, which have a longer wavelength than infrared.

The concept I suppose may become reality, if it is not already used.

Because any object above absolute zero emits microwaves, I suppose the biggest hurdle to a practical implementation is SNR.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.