As connected devices such as voice assistants, security cameras, and smart appliances grow in popularity, the homes and offices where they are installed become increasingly filled with a dense web of Wi-Fi signals.
A new study from University of Chicago and University of California, Santa Barbara researchers finds that external attackers can use inexpensive technology to turn these ambient signals into motion detectors, monitoring activity inside a building without being detected themselves.
With only a small, commercially available Wi-Fi receiver, an attacker from outside the target site can measure the strength of signals emitted from connected devices and monitor a site remotely for motion, sensing whether a room is occupied. The research, led by leading UChicago computer scientists Heather Zheng and Ben Zhao, reveals the technique of these attacks as well as potential defenses.
“It’s what we call a silent surveillance attack,” said Zheng, a Neubauer Professor of Computer Science at the University of Chicago and expert on networking, security and wireless technologies. “It’s not just about privacy, it’s more about physical security protection. By just listening to existing Wi-Fi signals, someone will be able to see through the wall and detect whether there’s activity or where there’s a human, even without knowing the location of the devices. They can essentially do a monitoring surveillance of many locations. That’s very dangerous.”
The research builds upon earlier findings that exposed the ability to “see through walls” using Wi-Fi signals. However, previous methods detected indoor activity by sending signals into the building and measuring how they are reflected back to a receiver, a method that would be easy to detect and defend against. The new approach requires only “passive listening” to a building’s existing Wi-Fi signals, does not need to transmit any signals or break encryption, and grows more accurate when more connected devices are present, raising significant security concerns.