Every move you make

Via Bruce Schneier we have this:

American and Chinese academics built a keystroke recognition system called WiKey consisting, at its simplest, of a standard router (sender) and laptop (receiver). WiKey can recognize typed keys in the middle of the system based on how the Wi-Fi signal lands on the receiver.

“In real-world experiments, WiKey can recognize keystrokes in a continuously typed sentence with an accuracy of 93.5 percent,” the researchers wrote.

However, they go on to say:

This is not something you should expect to see deployed in the real world tomorrow by spy agencies or hackers. Other distortions throw the entire thing off. If someone else is walking through—or simply in—the room, the current set up falters.

That’s somewhat reassuring, but what they don’t say is that it tells us that our keystrokes, some of our smallest movements, can be determined via radio waves. It doesn’t have to be Wi-Fi signals from access points already in the environment. It could be any type of custom-built radio transmitters and receivers specifically brought to your location. By illuminating your environment with numerous transmitters/receivers, one can imagine doing the equivalent of a CAT scan of your home/office, in real time, with centimeter resolution.

If that’s not enough to concern you, Bruce shares another way Wi-Fi can be used to spy on people:

In this paper, we propose a novel approach for human identification, which leverages WIFI signals to enable non-intrusive human identification in domestic environments. It is based on the observation that each person has specific influence patterns to the surrounding WIFI signal while moving indoors, regarding their body shape characteristics and motion patterns. The influence can be captured by the Channel State Information (CSI) time series of WIFI. Specifically, a combination of Principal Component Analysis (PCA), Discrete Wavelet Transform (DWT) and Dynamic Time Warping (DTW) techniques is used for CSI waveform-based human identification. We implemented the system in a 6m*5m smart home environment and recruited 9 users for data collection and evaluation. Experimental results indicate that the identification accuracy is about 88.9% to 94.5% when the candidate user set changes from 6 to 2, showing that the proposed human identification method is effective in domestic environments.

I think my utopian, underground, home is going to also be a Faraday Cage with some sort of HARM missile capability.

12 thoughts on “Every move you make”

  1. Don’t need a Faraday cage. This can be defeated by a very slight variation in the wifi signal strength. A secure algorithm to do that negates this system by adding unpredictability to the equation, where predictability is a constant.

    • But WiFi is just one way to do it. Anything in the mid to high frequency microwave region which penetrates your structure will, almost for certain, work. There could be a directional transmitting antenna, or three, a block away from you with corresponding receivers that map your movements down to the fingertip resolution.

    • I’m not sure that helps. If I understand right, it is basically saying that Wifi is a bit like radar, and can be used to produce a picture of its surroundings. The fact that your own devices don’t use Wifi is no help; it suffices for Wifi transmitters to exist near you.
      Your practice to avoid Wifi is nevertheless a very sensible one. Bluetooth ditto, only more so. (At least Wifi is fairly well encrypted in its more recent incarnations, if you make sure WEP is disallowed.)
      On a not very related topic, I remember an article a year or two ago about traffic analysis of encrypted Voice over IP traffic (or perhaps Skype, which is similar but non-standard). The implementations in question were not padding packets, so the original packet lengths of the voice codec were visible, and that was enough to recover a lot of the content. There were some indications that dictators had actually used this capability against their subjects.
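
The packet-length leak described in the comment above, and the padding fix, as an added example (not part of the original post or its comments). The frame sizes, `TAG_LEN` and `PAD_BLOCK` are constructed values, and `encrypt` is a stand-in that models only ciphertext length.

```python
import os

# Constructed sample data: per-frame payload sizes (bytes) that a
# variable-bitrate voice codec might emit for two phrases. Illustrative only.
PHRASES = {
    "phrase_a": [22, 41, 38, 19, 19, 45, 52, 30, 21],
    "phrase_b": [35, 35, 20, 48, 50, 26, 22, 40, 44],
}
TAG_LEN = 16      # assumed authentication-tag size added to every packet
PAD_BLOCK = 64    # hypothetical fixed payload size used by the padded sender


def encrypt(frame: bytes) -> bytes:
    """Stand-in for a length-preserving cipher plus tag: random bytes of the
    same length as real ciphertext. Only the length matters to the observer."""
    return os.urandom(len(frame) + TAG_LEN)


def pad(frame: bytes, size: int = PAD_BLOCK) -> bytes:
    """Pad to a constant size: one length byte, the frame, then zero fill."""
    if len(frame) > size - 1:
        raise ValueError("frame larger than pad block")
    return bytes([len(frame)]) + frame + bytes(size - 1 - len(frame))


def unpad(padded: bytes) -> bytes:
    """Recover the original frame on the receiving side (after decryption)."""
    return padded[1:1 + padded[0]]


def wire_lengths(phrase: str, padded: bool) -> list[int]:
    """Packet sizes a passive observer sees for one spoken phrase."""
    frames = [os.urandom(n) for n in PHRASES[phrase]]
    if padded:
        frames = [pad(f) for f in frames]
    return [len(encrypt(f)) for f in frames]


def observer_guess(lengths: list[int], padded: bool) -> list[str]:
    """Every known phrase whose length profile matches the captured sizes."""
    return [p for p in PHRASES if wire_lengths(p, padded) == lengths]
```

Without padding the observer narrows the capture to a single phrase; with constant-size padding every phrase matches. Padding hides per-frame size only, so packet count and timing remain visible.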

  2. I foresee – at least among the highly security minded – a market for inexpensively Faraday-caging structures in the design and construction phases.

    In lieu of an adequate Faraday cage, I’m wondering what would be required for actively confusing and/or modifying the signal. If all signals are blocked it’s obvious countermeasures have been employed, but random interference making any signal received worthless might be a cheaper method (and offer another marketing opportunity for signal blocking/interfering equipment that’s cheaper than a Faraday retrofit).

      • Only if it can be shown to have that intent. Remember that Wifi is an FCC Part 15 unlicensed service. If you generate other RF signals that happen to interfere with it, that’s perfectly ok; Wifi has no grounds for expecting not to be interfered with. For example, a nearby 1 kW ham radio station may well cause this scheme to fall apart, and such a situation would be 100% legal and proper.

  3. This is akin to that scene in Batman (whichever one) where Morgan Freeman’s character leaves his cell phone and it later maps out the entire building? Cause that was some scary tech.

  4. If someone were interested enough, although I can’t imagine why anyone would be so interested, there would have been enough metadata alone on me by the year 2000 for the enemies of liberty to know that I’m not on their side. Anything I’ve done or said since is merely confirmation of the already obvious.

    So here’s the situation. Any time anyone spends super secretly spying on me, if anyone were dumb enough to do so, is enemy time wasted. That’s fine. Also, any time I spend worrying myself about being spied upon, and any resources I spend trying to prevent being spied upon is my time wasted. If there’s anything whatsoever to be gained by the authoritarian side it will be in getting me to waste my time concerning myself with them rather than living my own life.

    Those who get all tingly with excitement over this shit, whether as a perpetrator or an imagined victim, are missing out. If we take the Christian route for example, it would go something like this; “I am a child of the one, true king. You can’t really touch me, you can’t mess with me but at your own risk. I won’t worry, nor take extreme measures to save my life because it’s already been saved. It’s beyond your reach to change that, so don’t waste your time fucking with me. If you wish to study my ways, OK, maybe you’ll learn something which could help you. And by the way; my aim is good and I will protect the innocent. I’d much rather get along in peace and amity, but if I have to kill you I will, and I’ll sleep fine afterward, so behave yourself.”

    • Your argument about the enemy wasting time is the reasoning why some people encrypt everything, and use protective machinery at every opportunity. Not so much to hide the fact that they aren’t on the enemy’s side, but to make the enemy waste more time. For one thing, you could think of it as a public service: when they waste resources on you, they can’t use those resources against another good person who hasn’t yet been identified as such.
