- Researchers have identified a new threat to Wi-Fi router security
- People can be tracked in a space using beamforming signals
- No physical access to the router is required to take advantage of its radio waves.
Researchers at the Karlsruhe Institute of Technology in Germany have demonstrated how everyday Wi-Fi routers can be hacked and used as surveillance tools, using only the radio waves that travel to and from the router.
Here’s how it works: Routers using Wi-Fi 5 or later receive feedback signals from connected devices, known as beamforming feedback information (BFI). The router uses this feedback to manage speed and stability, but these messages flow freely through the air and can also be picked up by other devices.
If someone physically walks past those signs, they are disrupted. The signal map is not like a 3D map of a room, but the way the signals change can act as a kind of signature for a person, based on how they walk and move through the space.
Using some special software and a device with a Wi-Fi card (for example, a laptop or Raspberry Pi device), someone can monitor these BFI signals and check for interruptions. Since the signals are not encrypted, there is no need for physical access to the router or Wi-Fi password; the monitoring device only needs to be in the same physical space.
Surveillance danger
The researchers conducted tests with 197 volunteers and were able to identify people with 99.5% accuracy, meaning they could say “person A passed by at this time and at this time.” To actually link people to their name and other details, other data would be needed, such as a ping from a phone previously associated with the individual.
So a listening device could be hidden in an office, and a hacker could know who was at work that day, assuming he knew which gaits belonged to which people. Once the initial match is established, targets will not even need to carry a device (such as a phone).
“This technology turns every router into a potential means of surveillance,” says Julian Todt, one of the researchers. “If you regularly pass by a cafeteria that has a Wi-Fi network, you may be identified there without realizing it and recognized later, for example, by public authorities or companies.”
The research team wants to see greater protection for BFI data in future Wi-Fi standards; Otherwise, this is potentially a very real security threat that affects most modern routers. You can read the full research paper here.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
The best laptops for all budgets
