- What’s new: Researchers at Germany’s Karlsruhe Institute of Technology (KIT) show that people can be identified using ambient Wi‑Fi alone—no phones, wearables, or special gear required—by passively capturing how radio waves propagate and change around them. The work introduces BFId, an identity‑inference attack that uses standard Wi‑Fi features. KIT
- How it works: The attack listens to beamforming feedback information (BFI)—plaintext control data that many Wi‑Fi 5/6 devices already broadcast—to reconstruct “images” from multiple perspectives and match them to known individuals. BFI packets are unencrypted, so anyone in range can capture them with a normal Wi‑Fi card in monitor mode. publikationen.bibliothek.kit.edu
- Accuracy & scale: In controlled tests with 197 participants, BFId achieved ~99.5% (±0.38) identification accuracy across different walking styles and viewpoints—using only commodity hardware. publikationen.bibliothek.kit.edu
- Publication & timing: The results were presented at the ACM Conference on Computer and Communications Security (CCS) 2025 (Taipei, Oct 13–17, 2025). Several outlets mis‑tagged it as an ACM Data Science journal paper; the official record shows CCS ’25 proceedings. publikationen.bibliothek.kit.edu
- Standards context: The dedicated Wi‑Fi sensing standard IEEE 802.11bf was published on Sept 26, 2025. The KIT team urges privacy safeguards for sensing and BFI. ieee802.org
- Related work: Independent research (“WhoFi”) this summer showed 95.5% person re‑identification using Wi‑Fi CSI (a different signal measure), underscoring that device‑free identification via Wi‑Fi is becoming practical. Tech Xplore
The new surveillance risk, explained
If you pass by a café with Wi‑Fi, you can, in principle, be recognized even if you never join the network or even carry a device. KIT’s KASTEL Institute team demonstrates that the ambient chatter between access points and nearby clients reveals enough about the shape and motion of people in the space to match them to known identities. Unlike earlier Wi‑Fi sensing methods that tapped CSI with modified firmware or lab‑grade radios, their approach uses standard, widely deployed BFI—a compressed representation of the wireless channel that clients report to routers to improve beamforming. KIT
“Switching your device off does not help.” KIT
The key insight is that you don’t need a phone for your body to disturb radio waves: other devices around you (laptops, smart speakers, strangers’ phones) are constantly talking to the router, and those transmissions carry feedback about the environment—including you. KIT
What BFId actually does
The BFId attack passively records BFI frames (no association with the network is needed) and feeds the time‑series into a relatively simple recurrent neural network. In a 197‑person study, the authors report ~99.5% (±0.38) rank‑1 accuracy, and note that BFI outperformed CSI for large populations, while also lowering the bar for an adversary (no specialized hardware, easier multi‑perspective capture). publikationen.bibliothek.kit.edu
The paper emphasizes that BFI collection is trivial: “Any Wi‑Fi NIC can be set to monitor mode” to capture the relevant packets, and prior measurements show BFI is supported more broadly in the wild than CSI. publikationen.bibliothek.kit.edu
“This technology turns every router into a potential means for surveillance.” KIT
Why BFI is so sensitive
BFI packets are unencrypted, carrying movement‑rich descriptors that can be intercepted—even through walls—opening the door to occupancy detection and more. Security researchers previously showed this with LeakyBeam, calling BFI “a rich source of privacy‑sensitive information.” NDSS Symposium
This is not a theoretical corner case. Since Wi‑Fi 5 (802.11ac), explicit beamforming relies on client feedback; many enterprise and consumer devices support it by default, and industry tools now exist to extract and decode BFI from commodity traffic. winncom.com
How this differs from earlier “Wi‑Fi can see you” demos
- CSI vs BFI: CSI offers fine‑grained channel detail but often requires chip‑level access or special firmware. BFI is standards‑compliant, broadcast in cleartext, and easier to capture at scale. BFId shows BFI can be good enough—and sometimes better—for identification. publikationen.bibliothek.kit.edu
- WhoFi (July 2025): A separate team (La Sapienza, Rome) reported 95.5% person re‑ID using CSI. Together with BFId, this signals rapid progress in device‑free biometrics over ordinary Wi‑Fi. Tech Xplore
- Survey consensus: A 2023 review documents a wave of identity, activity, and presence sensing via Wi‑Fi; the KIT work pushes that line further by showing near‑perfect identity inference using standard feedback packets. MDPI
Standards and policy: what happens next
IEEE’s 802.11bf Wi‑Fi Sensing amendment is now published (Sept 26, 2025), formalizing ways Wi‑Fi can be used as a sensor. The KIT team warns that privacy protections must be baked in, given how easily BFI can be repurposed. ieee802.org
The authors go further, arguing the standard “should strongly consider adding effective privacy protection, or abandon beamforming entirely.” Their point: sensing capability is becoming ubiquitous, so defaults matter. publikationen.bibliothek.kit.edu
Security researchers have proposed technical defenses, such as obfuscating or restricting BFI to reduce leakage, but these require vendor and standards support to be broadly effective. NDSS Symposium
How worried should you be?
Threat model: An attacker needs to be within radio range of the target space (e.g., outside a storefront or apartment) and to train on how a person perturbs signals. BFId’s results are from controlled lab data; the authors themselves note open questions about long‑term robustness, environmental changes, and interference in real‑world deployments. publikationen.bibliothek.kit.edu
Bottom line: The study does not mean anyone can instantly name every passerby on the street today. It does show that device‑free, high‑accuracy identification is feasible with ordinary Wi‑Fi traffic, shrinking the gap between lab demos and practical surveillance. publikationen.bibliothek.kit.edu
Practical steps (individuals, businesses, vendors)
- Keep routers updated and watch for vendor guidance about 802.11bf and privacy controls related to sensing and beamforming feedback. ieee802.org
- Consider disabling explicit beamforming (and possibly MU‑MIMO) on access points if your environment permits; this may reduce BFI emissions but can impact performance. In 802.11ac, explicit beamforming is optional and based on explicit compressed feedback. Check your model’s documentation. Cisco Meraki Documentation
- Network design: Where feasible, reduce Wi‑Fi spill‑over outside controlled areas (AP placement, transmit power, RF shielding) to limit over‑the‑air eavesdropping range. (General best practice; not a silver bullet.)
- Policy & procurement: Large organizations should ask vendors about BFI handling, BF obfuscation, and sensing defaults before adopting 802.11bf features; push for privacy‑by‑design in firmware and chipsets. NDSS Symposium
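To check whether disabling explicit beamforming on your own access points actually stopped the plaintext feedback, you can count beamforming report frames per transmitter in a capture of your own network. The sketch below is an added example, not code from the BFId paper or from KIT. It assumes raw 802.11 frames with any capture header (such as radiotap) already stripped, and the category/action codes it matches (21/0 for VHT, 30/0 for HE) come from the IEEE 802.11 specification, not from this article.

```python
from collections import Counter

MGMT, ACTION, ACTION_NO_ACK = 0, 13, 14           # 802.11 frame type / subtypes
BFI_REPORTS = {(21, 0): "VHT", (30, 0): "HE"}     # (category, action) of feedback reports

def classify_bfi(frame: bytes):
    """Return (transmitter MAC, 'VHT' or 'HE') for a beamforming report, else None."""
    if len(frame) < 26:
        return None
    fc0, flags = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != MGMT or (fc0 >> 4) not in (ACTION, ACTION_NO_ACK):
        return None
    if flags & 0x40:                  # Protected bit: body is encrypted, nothing readable
        return None
    body = 24 + (4 if flags & 0x80 else 0)   # skip HT Control when the +HTC bit is set
    if len(frame) < body + 2:
        return None
    kind = BFI_REPORTS.get((frame[body], frame[body + 1]))
    if kind is None:
        return None
    return ":".join(f"{b:02x}" for b in frame[10:16]), kind   # Address 2 = transmitter

def audit(frames):
    """Count plaintext beamforming reports per (transmitter, PHY generation)."""
    return Counter(hit for hit in map(classify_bfi, frames) if hit)

def _frame(subtype, ta, category, action, flags=0):
    """Build a constructed test frame: 24-byte header, optional HTC, action body."""
    hdr = bytes([subtype << 4, flags, 0, 0]) + bytes(6) + bytes.fromhex(ta) + bytes(8)
    return hdr + (bytes(4) if flags & 0x80 else b"") + bytes([category, action]) + bytes(8)

# Constructed sample capture (locally administered MACs, no real traffic)
SAMPLE = [
    _frame(ACTION_NO_ACK, "02aabbccdd01", 21, 0),
    _frame(ACTION_NO_ACK, "02aabbccdd01", 21, 0),
    _frame(ACTION_NO_ACK, "02aabbccdd02", 30, 0, flags=0x80),  # HE report with HT Control
    _frame(ACTION, "02aabbccdd03", 21, 2),   # VHT operating mode notification, not BFI
    _frame(8, "02aabbccdd04", 21, 0),        # beacon subtype: ignored
    bytes(10),                               # truncated frame: ignored
]

if __name__ == "__main__":
    for (mac, kind), n in sorted(audit(SAMPLE).items()):
        print(f"{mac} still emits {kind} beamforming feedback: {n} frame(s)")
```

An empty result over a representative capture window after the configuration change indicates that clients are no longer being sounded for feedback; any remaining transmitter is a device to follow up on.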
What experts are saying (short quotes)
- Thorsten Strufe (KIT): “Switching your device off does not help.” KIT
- Julian Todt (KIT): “This technology turns every router into a potential means for surveillance.” KIT
- NDSS 2025 (LeakyBeam): “BFI packets are unencrypted, making them a rich source of privacy‑sensitive information.” NDSS Symposium
- KIT paper (BFId): Standards “should strongly consider adding effective privacy protection, or abandon beamforming entirely.” publikationen.bibliothek.kit.edu
The latest coverage & primary sources
- KIT press release (Oct 8, 2025): Overview, quotes, and the privacy warning. KIT
- BFId paper (ACM CCS ’25): Methods, 99.5% accuracy, dataset details, adversary model. (Open‑access preprint via KITopen.) publikationen.bibliothek.kit.edu
- TechXplore (Oct 10, 2025): Public‑facing explainer of the findings and risks. Tech Xplore
- NDSS 2025 (LeakyBeam): Prior work showing BFI‑based occupancy detection and a proposed defense. NDSS Symposium
- IEEE 802.11 Working Group: 802.11bf sensing standard published Sept 26, 2025. ieee802.org
- WhoFi (July 24, 2025): Separate team’s CSI‑based person re‑ID (95.5% accuracy). Tech Xplore
Background: what are CSI, BFI, and 802.11bf?
- CSI (Channel State Information): Fine‑grained measurements of how a signal changes; long used in research for activity/gait recognition but often requires special access to Wi‑Fi chip internals. MDPI
- BFI (Beamforming Feedback Information): Standards‑compliant, plaintext client feedback used since Wi‑Fi 5 to steer beams; easier to capture and now shown sufficient for identity inference. ece.rice.edu
- 802.11bf: The new sensing amendment that formalizes how Wi‑Fi can detect presence, motion, and more—raising the stakes for privacy‑by‑design choices around feedback and metadata. ieee802.org
Correction note on venue (to avoid confusion)
Some listings and reposts (including an EurekAlert! entry) labeled the paper under “ACM/IMS Journal of Data Science.” The official KIT repository and DOI metadata show it appears in the Proceedings of the 32nd ACM SIGSAC Conference on Computer and Communications Security (CCS ’25) (Taipei, Oct 13–17, 2025). In short: it’s a CCS conference paper, not a JDS journal article. EurekAlert!
Sources & further reading
- KIT press release: “The Spy Who Came in from the Wi‑Fi: Beware of Radio Network Surveillance!” (Oct 8, 2025). KIT
- Todt, Morsbach, Strufe. BFId: Identity Inference Attacks Utilizing Beamforming Feedback Information. ACM CCS ’25 (preprint & record). publikationen.bibliothek.kit.edu
- NDSS 2025: Lend Me Your Beam: Privacy Implications of Plaintext Beamforming Feedback in WiFi (LeakyBeam). NDSS Symposium
- IEEE 802.11 Working Group: 802.11bf publication status (Sept 26, 2025). ieee802.org
- TechXplore coverage (Oct 10, 2025). Tech Xplore
- WhoFi (La Sapienza) explainer (July 24, 2025). Tech Xplore
- Background on Wi‑Fi identity sensing (survey). MDPI
Takeaway: The radio network around you can be turned into a sensor that recognizes who you are—even when your phone is off. This capability hinges on plaintext feedback that today’s Wi‑Fi already emits. With 802.11bf now official, the window is open for the industry to build in privacy protections by default before this turns from a lab breakthrough into a background surveillance layer of everyday life. ieee802.org
