“By observing the propagation of radio waves, we can create an image of the surroundings and of persons who are present,” says Professor Thorsten Strufe from KASTEL – KIT’s Institute of Information Security and Dependability. “This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition,” explains the cybersecurity expert. “Thus, it does not matter whether you carry a WiFi device on you or not.” Switching your device off does not help: “It’s sufficient that other WiFi devices in your surroundings are active.”
WiFi Routers as “Quiet Observers”
“This technology turns every router into a potential means for surveillance,” warns Julian Todt from KASTEL. “If you regularly pass by a café that operates a WiFi network, you could be identified there without noticing it and be recognized later – for example by public authorities or companies.” Felix Morsbach stresses that it is true that there are easier methods for secret services or cybercriminals to observe people right now – for example by accessing CCTV cameras or video doorbells. “However, the omnipresent wireless networks might become a nearly comprehensive surveillance infrastructure with one concerning property: they are invisible and raise no suspicion.” Actually, WiFi networks exist in almost all homes, offices, restaurants, and public spaces today.
No Special Hardware Require
Unlike attacks with LIDAR sensors or previous WiFi-based methods, which use channel state information (CSI) – i.e. measured data that indicate how a radio signal changes when it reflects off of walls, furniture, or persons – the attackers do not need any special hardware. This method requires nothing but a standard WiFi device. It works by exploiting the communication of legitimate users of the WLAN, whose devices are connected to the WiFi network. These regularly send feedback signals within the network, also called beamforming feedback information (BFI), to the router – in unencrypted form so that it is readable by anybody in range. This creates images from different perspectives that can serve to identify the respective persons. Once the underlying machine-learning model has been trained, the identification only takes a few seconds.
Almost 100% Accuracy – Technology Entails Risks to Privacy
In a study with 197 participants, the team could infer the identity of persons with almost 100% accuracy – independently of the perspective or their gait. “The technology is powerful, but at the same time entails risks to our fundamental rights, especially to privacy,” emphasizes Strufe. The researchers warn that this is particularly critical in authoritarian states where the technology might be used for the observation of protesters. Therefore, they urgently call for protective measures and privacy safeguards in the forthcoming IEEE 802.11bf WiFi standard.
Funding and Publication
The project was funded under the Helmholtz “Engineering Secure Systems” topic. The researchers will present their results at the “ACM Conference on Computer and Communications Security” (CCS) in Taipei. The paper will be available from October 13, 2025 at https://doi.org/10.1145/3719027.3765062.
Original publication
Todt, Julian; Morsbach, Felix; Strufe, Thorsten: BFId: Identity Inference Attacks utilizing Beamforming Feedback Information, ACM, 2025. DOI: 10.1145/3719027.3765062 (from October 13, 2025).
Journal
ACM / IMS Journal of Data Science
Article Title
Todt, Julian; Morsbach, Felix; Strufe, Thorsten: BFId: Identity Inference Attacks utilizing Beamforming Feedback Information, ACM, 2025.
Article Publication Date
13-Oct-2025