[HN Gopher] WiFi Routers Used to Produce 3D Images of Humans
___________________________________________________________________
WiFi Routers Used to Produce 3D Images of Humans
Author : bubblehack3r
Score : 199 points
Date : 2023-01-22 18:44 UTC (4 hours ago)
(HTM) web link (vpnoverview.com)
(TXT) w3m dump (vpnoverview.com)
| HeckFeck wrote:
| It wouldn't surprise me if the three letter agencies were already
| utilising this.
| t433 wrote:
| They are tapped into millions of routers worldwide.
| ben_w wrote:
| I doubt it. If they want to see you though a wall, they will
| use an overpriced custom radar solution, not consumer
| electronics with COTS software.
| bubblehack3r wrote:
| Link directly to the research paper: https://vpnoverview.com/wp-
| content/uploads/2301.00250.pdf
| [deleted]
| [deleted]
| tecleandor wrote:
| Seems like they've remove the PDF from the article.
|
| You can get the original PDF from Arxiv :
| https://arxiv.org/abs/2301.00250
| olivierlacan wrote:
| You may be working with people who, at the beginning of their
| careers, worked on exciting and challenging projects as junior
| engineers for U.S. defense contractors to either detect the
| precise location of specific Wi-Fi clients.
|
| Ask them when they realized that their work was extensible to any
| radio frequency client (cell, Bluetooth) and used for targetting
| missile strikes. I can guarantee you know at least a few people
| in the industry who did.
|
| Just because we can doesn't mean we should. This story reeks of
| DoD funded research which somehow gets whitewashed as "cool new
| tech thing!" on tech blogs when it should really be sending
| chills down your collective spines.
|
| This capability may be fringe and nation-state controlled for a
| few years, then it will inevitably fall into the hands of large
| and well-funded criminal organizations, abusive spouses, and of
| course overfunded trigger happy SWAT teams -- who will still
| manage to get their court order addresses wrong and kill innocent
| people and pets over a no-knock warrant.
|
| All this triggers in me is the irrespressible urge to get
| technologists to finally get it through their thick skulls that
| what we do _does_ kill people exactly like doctors. We 've just
| refuse to take responsibility for it when any other industry
| would have seriously discussed ethics board and licensure at this
| point. No matter how complicated such an effort would be.
| [deleted]
| golergka wrote:
| > their work was extensible to any radio frequency client
| (cell, Bluetooth) and used for targetting missile strikes
|
| Good. I didn't work on such tech, but I would be excited and
| proud to, if I was working for a country like US, which I
| believe in.
| nigerian1981 wrote:
| Proud of the tens of thousands of Iraqi civilians killed by
| the US?
| serverholic wrote:
| I've noticed a distinct lack of caring regarding social
| responsibility in the tech industry even though we are some of
| the most privileged workers in the entire labor force.
| nobody9999 wrote:
| >I've noticed a distinct lack of caring regarding social
| responsibility in the tech industry even though we are some
| of the most privileged workers in the entire labor force.
|
| I'd posit that "lack of caring" in the tech industry is, at
| least in part, _because_ (not "even though") "we are some of
| the most privileged workers in the entire labor force."
|
| It's hubris, greed and a lack of empathy society at large and
| for other humans.
|
| There definitely _are_ folks who do care. But when such folks
| speak out, they are usually ignored or derided for "tilting
| at windmills" because "privacy no longer exists" and "there's
| money to be made" and other weak-sauce rationalizations.
|
| And the hoi polloi mostly don't understand the issues, and
| just like having "free" services, not realizing they're
| putting their data, privacy and online (and increasingly
| offline, with cameras everywhere, spying "IOT" devices, brisk
| business for data brokers, etc.) personages in the hands of
| (at least based on their behavior) sociopathic tech bros
| whose only interest is in maximizing revenue -- and today
| that's accomplished through "targeted advertising."
|
| Which doesn't really work, but advertisers (and political
| operatives, some law "enforcement" agencies, stalkers and
| other scum) are willing to pay top dollar for such data.
|
| Until the incentives are the right way round, that's not
| going to change.
|
| I'd love to paint a picture of benevolent tech
| workers/managers/founders who have society's and the
| individual's best interests at heart.
|
| But (with apologies to Quentin Tarantino), that shit ain't
| the truth. The truth is the hoi polloi are the weak. And
| we're the tyranny of evil men.
| steele wrote:
| Yet another reason to avoid Xfinity hardware.
| deno wrote:
| The photo in article is some random stock image and has nothing
| to do with the research paper[1].
|
| [1] https://vpnoverview.com/wp-content/uploads/2301.00250.pdf
| lynndotpy wrote:
| Oh wow. Notably, Figures 7 and 8 (on pages 7 and 10,
| respectively) are _better_ resolved than the stock photo.
|
| Figure 8 shows a variety of "failure cases," but even these
| failure cases are surprisingly accurate estimations!
| ghostpepper wrote:
| Is that link broken for anyone else? Redirects back to the top
| level page for me
| thedrexster wrote:
| Try https://arxiv.org/pdf/2301.00250.pdf -- looks like they
| removed the original PDF from the linked article.
| [deleted]
| [deleted]
| jeffbee wrote:
| "Meat interferes with photons" must be among the least-surprising
| research outcomes of all time.
| anigbrowl wrote:
| _This proof-of-concept would be a breakthrough for healthcare,
| security, gaming (VR), and a host of other industries._
|
| /facepalm
|
| They do acknowledge the privacy concerns but go to make (imho)
| pie-in-the-sky arguments like 'this will enhance privacy because
| security cameras won't be as necessary in public spaces.
| Journalism doesn't pay much, so maybe this is some naively
| idealistic person's first writing job. I once believed that
| adding public comments on news websites would elevate the
| standard of public discourse and I mentally kick myself on the
| regular for the time I spent promoting this idea back in the
| 1990s.
|
| The researchers offering the same ideas in the paper don't have
| such an excuse; they're creating an entire new class of
| surveillance technology and pretending that this will somehow
| enhance privacy, which flies in the face of all experience and
| research on the topic. The technicals result are outstanding and
| I'm very impressed by them, as well as the exposition and
| direction of research. The potential applications are numerous
| and exciting to my inner geek.
|
| But I'm also worried. The existing limitations will fall sooner
| than expected, and it will be productized while the ethicists are
| still drafting their arguments (at which point they'll shift to
| asking for donations to counter the latest threat). Semi-
| seriously considering repainting the inside of my house to make a
| faraday cage by mixing copper paint in the underlayer.
| [deleted]
| transpute wrote:
| _> Semi-seriously considering repainting the inside of my house
| to make a faraday cage by mixing copper paint in the
| underlayer._
|
| EMF reduction case study with conductive paint,
| https://www.zokazola.com/emf_reduction.html
| azinman2 wrote:
| The thing is, almost all technology is a double edged sword.
| That doesn't do much to alleviate the responsibility of those
| who do it to understand the ethics of the world, but usually
| that's beyond our ability. I'm sure few working on consumer
| drones in the beginning anticipated their use on the battle
| field.
|
| The internet itself is a great example of how much benefit can
| come from access to knowledge, as well as the ability to how
| limitless (mis)knowledge can be simultaneously used to destroy
| societies.
|
| Ultimately bad actors will do bad things regardless with
| whatever they have access to. Of course new bad things can come
| along, but what metric should we use to decide whether an idea
| is worth perusing? Who should make the cost benefit analysis,
| when the reality 20 years down the road is often unknowable
| (bad and good)?
| phpisthebest wrote:
| >>Semi-seriously considering repainting
|
| So they have Blackboard paint, how long before PPG or Sherwin
| Williams creates Faraday Paint...
| yazzku wrote:
| > In addition, they protect individuals' privacy and the required
| equipment can be bought at a reasonable price.
|
| To argue that this protects people's privacy (versus cameras in
| public spaces) is certainly a very odd take.
|
| I'd be more curious to know what are legitimate use cases of this
| and who funded the research.
| LarryMullins wrote:
| It's kind of like the way they renamed the Department of War to
| the Department of Defense.
| thewebcount wrote:
| [flagged]
| Ultimatt wrote:
| "WiFi Routers Estimates 3D Pose of Humans in Modelled
| Reconstruction" as an actual non bullshit title. The paper being
| a more concise "DensePose from WiFi".
| version_five wrote:
| A variation of this was used in "The Dark Night", and you'll
| recall that Morgan Freeman quit over the ethical implications.
| transpute wrote:
| _> This proof-of-concept would be a breakthrough for healthcare,
| security, gaming (VR), and a host of other industries._
|
| Similar capability is scheduled for new consumer routers in 2024
| via Wi-Fi 7 Sensing / IEEE 802.11bf. Hundreds of previous papers
| include terms like these: human-to-human
| interaction recognition device-free human activity
| recognition occupant activity recognition in smart offices
| emotion sensing via wireless channel data CSI learning for
| gait biometric sensing sleep monitoring from afar
| human breath status via commodity wifi device-free crowd
| sensing
|
| Earlier discussion: https://news.ycombinator.com/item?id=34423395
|
| Sample code exists for ESP32 WROOM, https://wrlab.github.io/Wi-
| ESP/ and Intel 5300,
| https://dhalperi.github.io/linux-80211n-csitool/
| arkadiyt wrote:
| > Earlier discussion:
| https://news.ycombinator.com/item?id=34423395
|
| The top comment [0] on this has:
|
| > Counter-measures:
| https://news.ycombinator.com/item?id=27121918#27133079
|
| but I don't understand the setup here. If you have the
| capability to run custom firmware on your router then don't you
| not need this countermeasure, since you can be confident your
| router isn't doing this wireframing anyway? Or is it saying
| that a passive bystander who is not connected to your network
| can infer the wireframes as well? That seems unlikely to me?
|
| [0]: https://news.ycombinator.com/item?id=34424242
| transpute wrote:
| _> passive bystander who is not connected to your network can
| infer the wireframes as well?_
|
| A bystander can use their own router (2.4Ghz passes through
| most walls) to make inferences about human activity inside
| your building.
| arkadiyt wrote:
| Then the countermeasure does nothing since you can't run
| your firmware on their router?
| avree wrote:
| Correct, this 'countermeasure' is for a fantasy world in
| which it's easier to compromise your router than set up a
| couple clients and a router nearby.
|
| Also, realistically, wi-fi isn't the boogeyman here, even
| though the person you're replying to has been doom-
| posting about it for years - UWB and various other tech
| is going to make detecting location and movement from RF
| frequency fairly trivial.
| transpute wrote:
| _> compromise your router_
|
| No compromise needed. This was one research project
| looking at the current world where your existing router
| is happily beaming location information out of your home,
| which can be read by an attacker with a passive receiver.
| If an attacker is forced to use their own transmitter,
| that can potentially be detected.
|
| _> wi-fi isn 't the bogeyman here_
|
| Wi-Fi is the lowest cost modern application of ancient
| doppler imaging radar that has been around for decades.
| There is code for ESP32 devices,
| https://wrlab.github.io/Wi-ESP/. Many years ago, through-
| the-wall surveillance was primarily used by military and
| law enforcement with devices costing thousands of
| dollars. How many people are aware that the capability is
| now available for $20?
| transpute wrote:
| This was just one tiny EU research project with limited
| funding, which was focused only on passive attacks, e.g.
| a receiver with custom firmware can make inferences from
| _existing_ Wi-Fi routers. Their research was looking for
| a way to modify the default behavior of Wi-Fi
| transmitters to reduce leakage of location information.
| If this was the default behavior (e.g. via some
| combination of IEEE standard and regulation), then active
| attackers could be easily identified.
|
| https://ans.unibs.it/projects/csi-murder/
|
| _> this paper addressed passive attacks, where the
| attacker controls only a receiver, but exploits the
| normal Wi-Fi traffic. In this case, the only useful
| traffic for the attacker comes from transmitters that are
| perfectly fixed and whose position is well known and
| stable, so that the NN can be trained in advance, thus
| the obfuscator needs to be installed only in APs or
| similar 'infrastructure' devices. Active attacks, where
| the attacker controls both the transmitter and the
| receiver are another very interesting research area,
| where, however, privacy protection cannot be based on
| randomization at the transmitter._
|
| More research and funding is needed.
| rhn_mk1 wrote:
| It seems that it's for installing on a station device I
| guess?
| [deleted]
| [deleted]
| giantg2 wrote:
| Sounds like phrases out of _1984_.
| walrus01 wrote:
| > Similar capability is scheduled for new consumer routers in
| 2024 via Wi-Fi 7 Sensing / IEEE 802.11bf.
|
| Reminds me somewhat of a joke I recently saw posted somewhere
| in social media by a greybeard Unix sysadmin. In a discussion
| related new consumer grade IOT technology.
|
| "The newest piece of technology I have in my house is an HP
| Laserjet 4, and I keep a revolver ready to shoot it if it ever
| makes an unexpected noise"
|
| On a more serious note, however, I see a real serious problem
| with having consumer/residential wifi routers that can attempt
| to track people or movement around a house _and_ have the
| default-on, built in capability to make themselves centrally
| manageable by some form of persistent internet-based
| connection-over-TLS link to their manufacturer. Same general
| ideas as Meraki or other.
|
| Who wants to bet that the manufacturers of these things leave
| this capability turned on by default AND submitting data
| through its "cloud management" feature persistently for as long
| as the device is powered on and has a viable default
| route/gateway to the internet?
|
| Who wants to bet that in 5-7 years we're seeing problems with
| these things submitting data sets of peoples' movement around a
| house into some database run by a vendor that then suffers a
| major data breach?
| neilv wrote:
| That joke is one of the all-time top /r/ProgrammerHumor
| posts:
|
| https://old.reddit.com/r/ProgrammerHumor/comments/aloi5v/pro.
| ..
| avree wrote:
| Even pre-WiFi 7, there are companies such as Cognitive who
| allow you to detect motion (as well as occupant activity,
| etc.). I implemented such a system at my previous company which
| sold Wi-Fi.
| transpute wrote:
| Yes, some vendors have shipped their own implementations.
| There's also custom firmware for some radios. But
| standardization will bring scale and ubiquity to non-
| technical users. Are millions of city occupants ready for
| transparent walls, floors and ceilings? Are businesses ready
| for remote keystroke detection?
| Gigachad wrote:
| I guess the future is RF blocking walls. Might even be a
| good thing since It'll allow for less congested airwaves
| for yourself.
| transpute wrote:
| Maybe something like this foil-backed gypsum board,
| https://www.goldbondbuilding.com/products/drywall-
| panels/foi...
|
| RF/sound blocking drywall for SCIFs costs a small
| fortune,
| https://www.quietrock.com/products/quietrock-530rf
| azinman2 wrote:
| I suggest the opposite - it will enable many exciting
| smart home possibilities which in some could seriously
| reduce HVAC energy needs beyond what's possible today.
| walrus01 wrote:
| > there are companies such as Cognitive
|
| It's my understanding that there have been companies trying
| to sell solutions like this for people-tracking indoors for
| supermarkets/grocery stores, shopping malls, large department
| stores for at least 7-8 years now.
|
| (edit: Stuff like RF beacons built into shopping cart
| handles, right? Since the shopping carts are centrally
| owned/managed/controlled and with unique serial numbers, and
| _mostly_ don 't get stolen or leave the property.)
| avree wrote:
| Your understanding is correct, but most of those were based
| on iBeacons/NFC/other tech and not Wi-Fi.
| nly wrote:
| Can we use this sort of processing power and analysis to figure
| out how to get better signal coverage in a property instead?
| bastardoperator wrote:
| Are you interested in joining our human mesh network? For the
| price of 420.69 we offer a wearable necklace with a raspberry
| pi attached to it and a green solar panel t-shirt to ensure
| power/uptime. Become the internet now! Restriction may apply,
| sorry not available in Hawaii or Alaska.
| smeej wrote:
| DDGing "Faraday wallpaper"...
| captainkrtek wrote:
| Pretty cool. Semi-related but reminds me of this research from
| MIT on seeing around corners:
|
| https://youtu.be/JWDocXPy-iQ
| themaninthedark wrote:
| We have radar capable satellites we use to bounce a signal off
| the ground, through a hanger door and then reconstruct the
| image to discern what is hidden there.
|
| https://www.youtube.com/watch?v=ztR9mdJ1YWU
|
| https://www.youtube.com/watch?v=u2bUKEi9It4
|
| https://www.youtube.com/watch?v=dOoCltqtJR8
| 404mm wrote:
| Yes! And seeing through a keyhole! https://youtu.be/Veo27qhrI20
| birdyrooster wrote:
| I spend so much time thinking about this as an entrepreneur and
| whenever I talk use cases people seem to not care.
| giantg2 wrote:
| They can also do this without the laser by detecting shadows
| from existing light sources that aren't visible to the naked
| eye.
| varenc wrote:
| Wow that video was short, informative, and very cool in a retro
| sort of way. Thanks.
| mr-pink wrote:
| i'd like to understand wtf my upstairs neighbor is doing. can
| this help me?
| fy20 wrote:
| I read "used to" in the title in the past tense form. For a
| moment I was wondering why they no longer produce 3D images.
| vlovich123 wrote:
| https://m.youtube.com/watch?v=mHLAe3RyMDk
| mabbo wrote:
| I came here to bring the exact same joke. Rest in peace,
| Mitch.
| brycedriesenga wrote:
| The code was lost eons ago, sadly :'(
| can16358p wrote:
| The more unexpected discoveries we find, the more I think how
| many more capabilities of everyday devices are "hiding" in
| plainsight that would surprise us.
| fnordpiglet wrote:
| This is why I put tape over my Wi-Fi router
| WithinReason wrote:
| I guess wearing a tin foil hat might be useful too
| ThePowerOfFuet wrote:
| > * * *
|
| Why do you post this? It doesn't add to anything.
| slimsag wrote:
| Really putting the router in an aluminum enclosure/Faraday
| cage if you can is the only way to prevent this. Then just
| use the lan ports on the device, but also make sure the LAN
| cables are shielded because it could be using them as
| antennas given how compromised wifi router firmwares usually
| are.
| LarryMullins wrote:
| You have to shield your home from your neighbor's emitters
| too. And from the police radar surveillance van sitting in
| the street in front of your house.
| rl3 wrote:
| > _... And from the police radar surveillance van sitting
| in the street in front of your house._
|
| Nothing a kind note and an order of small-batch artisan
| donuts can't solve.
| PaulWaldman wrote:
| >Then just use the lan ports on the device, but also make
| sure the LAN cables are shielded because it could be using
| them as antennas given how compromised wifi router
| firmwares usually are.
|
| Those shielded Ethernet cables better be properly grounded.
| eric__cartman wrote:
| I prefer to wear a tin foil suit thank you.
| konfusinomicon wrote:
| only electrical tape will work though. it's the only one that
| actually blocks electrons
| zxcvbn4038 wrote:
| I would really like to see a practical open source implementation
| of this so people can start looking for ways to defeat it.
| Otherwise you know the police are going to abuse this.
| LarryMullins wrote:
| Short of lining your walls with foil, how could you defeat it
| _legally_? Jamming isn 't legal.
|
| We need new legislation to ban this, without a law enforcement
| exemption. I don't have high hopes.
| Gigachad wrote:
| Lining the exterior walls doesn't sound all that hard for a
| new build. Just lay the RF blocking sheet down before the
| drywall. People love those RF blocking wallets that have
| dubious value, a "privacy wall" upgrade from builders would
| probably sell well.
| kccqzy wrote:
| They can sell it as improving Wi-Fi in your own home too,
| even if you trust neighbors not to pull some shenanigans,
| since your Wi-Fi network won't be subject to interference
| from neighboring networks.
| giantg2 wrote:
| I would take a wild guess that it wouldn't be jamming, but
| some sort of network configuration. Maybe something like
| extra access points with specific geometry, higher power
| exterior APs than interior APs, or random beam forming or
| reflections.
|
| Jamming could still be an option. Most devices are required
| to accept any interference from other lawful devices. So in
| theory, you could find legal ways of jamming.
|
| https://www.zdnet.com/article/how-to-jam-your-neighbors-
| wi-f...
| iam-TJ wrote:
| "Jamming" is legal in as much as any device that operates in
| the ISM[0] bands must accept interference - so in the 2.4GHz
| example, microwave ovens, baby monitors, TV relays, remote
| door monitors, wireless alarm systems etc., all operate in
| the same band and will interfere with WiFi that is close by
| (since they use a different modulation).
|
| [0] https://en.wikipedia.org/wiki/ISM_radio_band
| kccqzy wrote:
| And in college I remember a professor or a TA demonstrated
| jamming by operating a modified microwave oven while
| running iperf or something similar on a nearby Wi-Fi
| network.
| azinman2 wrote:
| It's not some "radio gun" you can just point at a house - you
| need a very calibrated setup purpose built for each space. This
| would be very obvious and would require access to inside to do
| the calibrations.
|
| There are far more obvious ways to know if someone is home,
| from thermal sensors, looking in windows and knocking on doors,
| or park outside and just watch.
|
| Further if the police want to know if you're home, it'd already
| game over.
___________________________________________________________________
(page generated 2023-01-22 23:00 UTC)