Scientists at Germany’s Karlsruhe Institute of Technology have exposed a critical surveillance vulnerability in modern Wi-Fi routers. Using only radio waves and no password access, researchers identified individuals passing through a space with 99.5% accuracy.
The vulnerability takes advantage of a feature called Beamforming Feedback Information (BFI), which shows up as a usual component in Wi Fi 5 and newer routers.
In practice, routers lean on BFI to pull back feedback from the connected clients, basically to tune link speeds and steadiness, not just “better signal” in the abstract.
What matters most, though, is that these feedback signals ride through the air unencrypted. So any device with a Wi-Fi card, like a laptop or a Raspberry Pi, can intercept them.
Also, there’s no need for physical access to the router, and you do not need to know the Wi-Fi password either. Instead, as a person walks through the radio signal route, the BFI data gets messed up, which forms a kind of distinctive profile tied to their stride and how they move.
Then a watcher device, placed in the same general space, can notice those changes and stitch them together over time into something usable.
_updates.jpg)
The Karlsruhe group ran tests with 197 volunteers, reporting 99.5% accuracy when identifying people from movement patterns alone.
A hidden listening device in an office could reveal who entered that day. A hacker monitoring a café’s Wi-Fi could identify regular customers without their knowledge.
Linking those signatures to real identities requires supplementary data a phone ping previously associated with the individual, for instance but the foundational tracking mechanism requires no such connection.
“This technology turns every router into a potential means for surveillance,” warned Julian Todt, one of the researchers. “If you regularly pass by a cafe that operates a Wi-Fi network, you could be identified there without noticing it and be recognized later for example by public authorities or companies.”
The vulnerability extends beyond private networks. Public Wi-Fi routers in airports, libraries, and transit hubs expose millions to this same tracking method daily.
