- Researchers have identified a new threat to Wi-Fi router security
- People in a space can be tracked using beamforming signals
- No physical access to the router is required to exploit its radio waves
Researchers at the Karlsruhe Institute of Technology in Germany have demonstrated how everyday Wi-Fi routers can be hacked and used as surveillance tools, using only radio waves going to and from the router.
Here’s how it works: Routers using Wi-Fi 5 or later receive feedback signals from connected devices, called Beamforming Feedback Information (BFI). The router uses this information to manage speeds and stability, but these messages travel freely through the air and can also be picked up by other devices.
If someone physically goes through these signals, they are disturbed. The signal map doesn’t really look like a 3D map of a room, but the way the signals move can act as a sort of signature for a person, based on how they walk and move through space.
Using special software and a device with a Wi-Fi card (a laptop or Raspberry Pi device for example), someone can monitor these BFI signals and check for disturbances. Because the signals are not encrypted, there is no need for physical access to the router or a Wi-Fi password: the monitoring device simply needs to be in the same physical space.
Danger of surveillance
The researchers conducted tests on 197 volunteers and were able to identify people with 99.5% accuracy. To actually link people with their name and other details, other data would be needed, such as a ping from a phone previously associated with the individual.
So a listening device could be hidden in an office, and a hacker could know who was at work that day, assuming he knew which steps correspond to which people. Once the initial match is made, targets wouldn’t even need to carry a device (like a phone).
“This technology turns every router into a potential means of surveillance,” explains Julian Todt, one of the researchers. “If you regularly pass by a café that operates a Wi-Fi network, you could be identified there without realizing it and be recognized later, for example by public authorities or businesses.”
The research team wants to see more BFI data protection in future Wi-Fi standards – otherwise this is potentially a very real security threat, affecting most modern routers. You can read the full research paper here.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
The best laptops for every budget
