41 comments

[ 3.3 ms ] story [ 93.7 ms ] thread
Very cool, and somehow very creepy! This is how we will be hunted when the machines rise up ;)
How would a person be able to avoid this?
That's one scary implication: they can't.
No seriously. Maybe wear some kinda suit?
Run Ethernet throughout your home and hardwire 100% of everything. Disable all wireless radios in your house. That will stop your own gear from being used like this, but unless you turn your home into a faraday cage someone could probably blast your home with 2.4GHz externally to achieve similar results. If as you mention, perhaps you had some kind of suit that is completely absorbent to wireless spectrum, though that in itself could be used as an identifier most likely.
What I meant was that the suit would change your "wifi fingerprint", not that it would be absorbent.
Turn the wifi hotspot on on your phone and blind it. It probably won't work so well if the background wifi signals keep moving around.
Since this uses standard WiFi, if you don't have a WiFi network, you're good!
Unless, of course, they are aware of it and try to subvert it by consciously modifying "their body shape characteristics and motion patterns".
I'd imagine a simple device that broadcasts noise or fake signals would be enough to throw it off. Lots of principles used in speed trap jammers could be used.
Probably with a device that transmit in the same frequency of the WiFi network, just ending up distubing the signal
Run a cheap switched mode power supply in their pocket?
Aim a microwave at the door and modify it to run open
Tinfoil. Lots and lots of tinfoil.

Conductive meshes work as well provided that the holes are small enough.

VP Product at aerial.ai (using similar strategies as this paper) here. A few major caveats to make this work:

a) There needs to be enough traffic happening on the network to have the resolution needed to differentiate between people. b) The device needs to be able to see the traffic. This won't protect you from a device in the home that has this technology, but it will from people standing outside of the home (as the signal attenuates a lot outside of the home)

The only good application of this work I can come up with is to reduce the danger that comes from surprised cops in no-knock warrants.

Still kinda evil though.

Would be interesting for a home security system, or for enhancing Nest so the users don't have to walk past it for it to know you are in the home.

Also the paper notes this approach has fewer privacy concerns than other tracking systems, which is true to the degree your goal is tracking locations in a house. However if all the sudden we all ended up with tracking systems in our house that would be a privacy concern.

Useful for detecting if aged or ailing family members haven't moved in a while, and check on them.
True, some of these wifi tracking systems can track heart beat as well.
This is a type of passive identification I hadn't imagined before. It's pretty impressive to see 90% identification for a set of 6 users.

I can't imagine it's accurate enough to use for secure verification. I could see it's application for a shared entertainment system (ps4, netflix, etc) where identification is primarily for configuration purposes, not security.

Is this much different to FIND?
FIND author here.

It's not doing internal positioning with Channel State Information (CSI), but there are folks that are [1]. The approach in FIND is different [2] - FIND just uses RSSI+MAC information which works great on mobile devices and simple esp8266 chips and doesn't require code for the specific network interface. As far as I know you have to write some network card specific code to be able to use CSI.

[1] https://arxiv.org/pdf/1603.07080.pdf

[2] https://github.com/schollz/find#about

Still no IOS support yet I take it? I was so excited about that before realizing it only worked on Android.
Sorry! Apple is very restrictive. iOS 9+ is supports access to WiFi RSSI, but requires permission and approval from Apple. We requested permission 3 weeks ago and no word yet.
Can this be executed from phones (which can act as WiFi router, for tethering purposes) by this ubiquitous baseband RCE vulnerability I always hear about on HN?
Some of these WiFi statistics used in this paper are typically not exposed at the user level. You would need to have a modified driver. May or may not be easy to do for an iOS or Android phone.
I building a business around this stuff in boston. If anyone's interested send me an email (in my profile)
(comment deleted)
Hi everyone! I'm VP Product at aerial.ai. We are using some of these techniques for presence, activity and identification. We have 7 patents in this area.

Happy to answer any questions!

Edit: We're hiring DSP, ML and Growth people