You don't need to be carrying a phone to be tracked. Researchers at the Karlsruhe Institute of Technology (KIT) in Germany have demonstrated that ordinary Wi-Fi routers can identify specific individuals with 99.5% accuracy by analyzing how their bodies interact with radio waves - no device, app, or login required. The findings expose a significant and largely unaddressed vulnerability in the wireless infrastructure that surrounds us in virtually every public and private space.
How the Attack Works
The technique, which the KIT team calls BFId, exploits a feature built into Wi-Fi 5 and later standards called Beamforming Feedback Information. Beamforming itself is a legitimate and widely used optimization tool: connected devices send feedback signals back to a router, enabling it to direct wireless transmissions more precisely and improve overall network performance. The problem is that these feedback signals are broadcast continuously and without encryption, meaning any nearby Wi-Fi-capable device can passively capture them without the knowledge of anyone in the vicinity.
What makes BFId particularly powerful - and particularly troubling - is what those signals inadvertently record. As a human body moves through a space, it disrupts, absorbs, and reflects the radio waves around it in ways that are subtly but consistently unique to that individual. The KIT researchers fed captured BFI signals into machine learning models that translated these disturbances into what they describe as "radio images." The system functions, in essence, like a camera that sees in radio frequencies rather than visible light. Tested across 197 participants, the system correctly identified individuals at a 99.5% accuracy rate, regardless of walking style, direction of movement, or viewing angle.
Why This Threatens Privacy in a New Way
Existing forms of wireless surveillance typically require some form of active transmission from the target - a phone broadcasting a Bluetooth signal, a device pinging a network, a face visible to a camera. BFId requires none of this. A person who has deliberately left their smartphone at home, switched it off, or otherwise gone "device-free" to avoid surveillance remains fully detectable, and potentially identifiable, as long as they pass through a Wi-Fi-equipped environment.
The system does not, on its own, resolve a radio fingerprint to a name. But that limitation is far less reassuring than it might initially seem. An attacker with access to previously collected records - smartphone location data, Wi-Fi connection logs, CCTV footage, or any database that links a physical presence to an identity - could cross-reference that information with BFI-derived radio images to identify individuals reliably across time and location. The tracking infrastructure needed for this already exists in many urban environments. BFId provides the missing layer: a way to re-identify people even when they have taken active steps to avoid it.
The implications for specific populations are acute. Political dissidents, journalists, activists, and protesters who deliberately avoid carrying electronic devices as a precautionary measure against surveillance have historically been able to rely on that absence as a meaningful form of protection. This research suggests that protection is eroding.
A Vulnerability Baked Into the Standard
What distinguishes BFId from many other privacy threats is that it does not require any modification to existing hardware. Every router and client device that supports Wi-Fi 5 - a specification that has been in widespread commercial deployment since 2014 - already transmits the signals this attack depends on. No malware, no network intrusion, no special equipment is needed beyond a passive Wi-Fi receiver and the software to process the captured data.
The researchers have directed particular attention to IEEE 802.11bf, a Wi-Fi specification currently under development that is explicitly designed to standardize the use of Wi-Fi signals for sensing purposes - detecting motion, monitoring health indicators, and mapping spaces. That standard could dramatically expand both the resolution and the reach of radio-based surveillance if privacy protections are not built in from the outset. The KIT team has called for regulators and industry bodies to mandate encryption of BFI signals and to establish clear boundaries on how sensing data may be collected, retained, and used.
What Comes Next
The most immediate concern is the absence of any user-facing control over this exposure. Unlike a camera, which can be covered, or a microphone, which can be disabled, ambient radio waves are not something individuals can manage or opt out of. Until Wi-Fi standards incorporate technical safeguards - encrypted feedback channels, signal anonymization protocols, or transmission restrictions in public spaces - the vulnerability described by the KIT researchers remains open and exploitable at scale.
The researchers warn that without intervention, the cumulative effect of BFI-based tracking deployed across connected environments could amount to a nearly comprehensive surveillance infrastructure - one that operates silently, leaves no visible trace, and affects anyone who moves through a space containing a modern wireless router. That describes most of the built world.
