29
devNews
5y

---WiFi Vision: X-Ray Vision using ambient WiFi signals now possible---

“X-Ray Vision” using WiFi signals isn’t new, though previous methods required knowledge of specific WiFi transmitter placements and connection to the network in question. These limitations made WiFi vision an unlikely security breach, until now.

Cybersecurity researchers at the University of California and University of Chicago have succeeded in detecting the presence and movement of human targets using only ambient WiFi signals and a smartphone.

The researchers designed and implemented a 2-step attack: the 1st step uses statistical data mining from standard off-the-shelf smartphone WiFi detection to “sniff” out WiFi transmitter placements. The 2nd step involves placement of a WiFi sniffer to continuously monitor WiFi transmissions.

Three proposed defenses to the WiFi vision attack are Geofencing, WiFi rate limiting, and signal obfuscation.

Geofencing, or reducing the spatial range of WiFi devices, is a great defense against the attack. For its advantages, however, geofencing is impractical and unlikely to be adopted by most, as the simplest geofencing tactic would also heavily degrade WiFi connectivity.

WiFi rate limiting is effective against the 2nd step attack, but not against the 1st step attack. This is a simple defense to implement, but because of the ubiquity of IoT devices, it is unlikely to be widely adopted as it would reduce the usability of such devices.

Signal obfuscation adds noise to WiFi signals, effectively neutralizing the attack. This is the most user-friendly of all proposed defenses, with minimal impact to user WiFi devices. The biggest drawback to this tactic is the increased bandwidth of WiFi consumption, though compared to the downsides of the other mentioned defenses, signal obfuscation remains the most likely to be widely adopted and optimized for this kind of attack.

For more info, please see journal article linked below.
https://arxiv.org/pdf/...

Comments
  • 7
    https://technologyreview.com/s/...

    is the link to the much more accessible news article :)
  • 5
    At the end of the day, reflection, refraction and absorption are inherent properties of any radio wave and object. For example, it's the reason why blue butterflies are blue. I doubt that much can be done against this in the radio transmission itself (which these "solutions" suggest), especially when packet/signal injection is involved (and gives the attacker known signal data for analysis, regardless of the obfuscation of others).

    Maybe we could make outer walls of buildings internally reflect high frequency waves, or sink them into ground like Faraday cages do. That'd also help with the congestion of 2.4GHz Wi-Fi in e.g. apartment buildings or other buildings with lots of independently operating access points, as well as mitigating the exposure of "default" unencrypted access points to areas outside of the home/office where unauthorized people could otherwise leech the network, or even exploit its hosts. Microwave ovens have this feature in their cavities' very design, so we could leverage that.
  • 3
    @Condor I was going to mention faraday cages. Why not build these into outer walls? They'd have uses far beyond protecting wifi. Like killing cell signal 😅
  • 4
    @Root in the journal article, they mention something like that but like a coat of paint to go on the walls, but because it would block cell signals they declared it unfeasible
  • 3
    @Root shit, I didn't think of that 😅 yeah probably not a good idea then XD
  • 3
    @Root @baeovvulf but with VOIP you could not need cell signal as long as you have good WiFi. Besides, who actually talks on their phones nowadays anyways?
  • 5
    Conspiracy theory moment: all those "home assistants" such as Google Home, Amazon's Echo, and others, will be using these methods to track every movement of every person inside a house, and use that data for even more invasive targeting and tracking. Who needs a camera, when they can hear you and track all your movements at all times anyway?
  • 4
    @CodeMonkeyG I never thought about that tbh, I wonder if that’s going to be the future direction of communication... I know I VOIP whenever my cell service is bad... if I have to call at all
  • 3
    @CodeMonkeyG VoIP has a lot of potential, I primarily use it for my calling needs as my cell plan charges quite a lot for mobile calls (as it's tailored for data). That is, I use it despite the fact that I hate my ISP for its sheer incompetence. The VoIP configuration on their side is complete shit.

    VoIP, great for bringing landlines on the internet, allowing you to use it anywhere in the world. Except when your ISP stores all its passwords in plain, the SIP/RTP channels are unsecured (thus allowing for easy wiretapping), and because their security is shit they decided not to fix their shit, instead only allow connections from their public IP range. Because why would you possibly want to take your VoIP connection to outside the home?!

    VoIP is really promising, but only if the PBX is maintained by someone that can tell their elbows from their ass.
Add Comment