The beamforming feedback without encryption is the most sensitive point of Wi-Fi surveillance
The ScienceDaily published in May 2026 a study from the Karlsruhe Institute of Technology, KIT, in Germany, showing that common Wi-Fi signals can be used to identify people even when they are not carrying any device and even when their own cell phone is turned off. The method, called BFId, explores how radio waves propagate through the environment and how the human body alters this path.
In the experiment described by the researchers, the team worked with 197 participants and reported almost total accuracy in identification, even under different perspectives and walking styles. For the authors, the most concerning point is that the technique uses data already circulating in common wireless networks, which broadens the debate about privacy, invisible surveillance, and the risks of ubiquitous connectivity.
How common Wi-Fi and beamforming feedback turn radio waves into person identification
The technical basis of the study lies in the fact that Wi-Fi signals change when they interact with walls, furniture, and people within an environment. Instead of relying on a camera or optical sensor, the system observes how these changes shape the propagation of radio waves and uses this pattern as raw material for recognition.
-
Brazilian Researchers Develop Cost-Effective Method for Key Component of Green Hydrogen Electrolyzers, Enhancing Energy Efficiency and Equipment Longevity
-
1,700-Year-Old Roman Mosaic Discovered by Farmer Planting Cherry Trees in Turkey
-
Brazil launches $1.9 billion plan in response to El Niño, issuing national extreme heat alert and bolstering public health system
-
Polyformer Machine Converts PET Bottles into 3D Printer Filament, Reducing Costs and Expanding to Over 50 Countries
According to KIT, this process works similarly to a camera, but with a decisive difference: instead of light, radio waves come into play. Therefore, the system’s logic does not depend on the person having a Wi-Fi device in their pocket, but rather on the physical effect their presence produces on the signal circulating in the location.
The researchers’ own explanation highlights that these reflections generate different “views” of a person, which can then be interpreted by machine learning models. It is precisely this combination of radio frequency and AI that allows transforming a common environment with a router into a potential biometric identification structure.
The unencrypted beamforming feedback is the most sensitive point of Wi-Fi surveillance
The study draws attention to a technical element little known outside the networking area: the beamforming feedback information, or BFI. According to the KIT article, beamforming, introduced in WiFi 5, requires client devices to transmit observations about the communication channel characteristics, creating a new source of data for Wi-Fi sensing.

The problem, according to the researchers, is that this BFI circulates in an unencrypted form, which means it can be read by any equipment within signal range. The team claims that it was precisely this loophole that allowed the construction of BFId as the first identity inference attack based on this type of information.
Another central point is that the technique does not require expensive sensors or proprietary hardware. Both the KIT note and ScienceDaily state that the method can work with common Wi-Fi devices, which lowers the technical barrier and reinforces the warning that the infrastructure already present in homes, offices, and public spaces can be exploited passively.
Why turning off the phone is not enough against Wi-Fi identification and passive tracking
One of the most unsettling aspects of the work is that turning off your smartphone does not solve the problem. Professor Thorsten Strufe states that as long as there are other active Wi-Fi devices nearby, the system continues to function, as the method observes the general dynamics of the radio environment, not just a specific device of the monitored person.

Once the model is trained, identification takes only a few seconds, according to the researchers. The team also reports that recognition remained effective even when participants changed their walking style and also under different observation angles, which increases the practical significance of the discovery.
This detail shifts the axis of the privacy discussion. Instead of tracking a device, the technology begins to explore the physical presence of a person within a space covered by a wireless network, bringing Wi-Fi closer to a passive surveillance tool that is much harder to detect.
KIT study on digital privacy warns that every router can become an invisible surveillance tool
Researcher Julian Todt summarizes the threat directly by stating that the technology turns every router into a potential means of surveillance. According to KIT’s explanation, a person who frequently passes by a café with Wi-Fi, for example, could be identified without realizing it and later recognized by authorities or companies.
The concern grows because wireless networks are already spread across homes, offices, restaurants, airports, and public spaces. As the authors emphasize, it is an almost invisible infrastructure in daily life, which makes it especially sensitive from the perspective of fundamental rights and privacy.
Therefore, the team advocates for the adoption of protection measures in the future IEEE 802.11bf standard. The warning is not treated by the authors themselves as a technological celebration, but as a notice that the advancement of Wi-Fi sensing could open a new front of silent surveillance if not accompanied by robust safeguards.
What Wi-Fi research really demonstrates and why the surveillance and privacy debate has already changed
What the study securely demonstrates is that the normal communication of a Wi-Fi network can be repurposed to infer identity with high precision in an experimental environment. The KIT article describes BFId as the first attack of this type based on BFI and presents it as evidence of a privacy risk that, until then, had not been explored in this way.
It is also clear that this is a scientific demonstration, presented at the academic circuit of the ACM Conference on Computer and Communications Security 2025, and not a consumer tool placed on the market. Even so, the researchers’ message is strong: the wireless infrastructure that today ensures convenience can, without adequate protection, serve as a basis for new and discreet forms of monitoring.
In the end, the case reinforces a greater warning about the connected world. The era when the absence of a camera or a turned-off cell phone seemed synonymous with anonymity has become more fragile, because the very invisible web of radio waves around us can start to function as a mechanism for observation and identification.

