Researchers in Germany say ordinary Wi-Fi routers can do more than move data around a home or office: they can identify people inside a room with striking accuracy, without touching the network and without anyone carrying a phone or wearable. Their BFId system reportedly reached 99.5% identification accuracy in tests, which is great news for surveillance fans and a headache for everyone else.
The work comes from the Karlsruhe Institute of Technology and leans on a piece of Wi-Fi plumbing most users never think about: beamforming feedback information, or BFI. That data is sent automatically to help routers aim signals in Wi-Fi 5 networks, and because it is not encrypted, it can be intercepted by a Wi-Fi adapter in monitor mode. In other words, the leak is built into the system, not pried open from the outside.
BFId works with standard routers
That is the big twist here. Earlier approaches based on channel state information, or CSI, were more finicky: they often needed modified hardware, special firmware, and a narrower set of supported devices. BFId, by contrast, is designed to run on standard routers and can collect data from all Wi-Fi clients at once with a single interceptor.
In the reported tests, the team used 197 people, the largest sample in this kind of study so far. BFId’s 99.5% result dwarfed the CSI-based baseline, which reached about 82.4% on the same subgroup. The researchers say the edge comes from scale and signal quality: BFI offers about 740 features for analysis, compared with 212 in CSI, and it handles interference better.
- BFId input: unencrypted beamforming feedback information
- Reported accuracy: 99.5%
- Test group: 197 people
- Key advantage: works with standard Wi-Fi routers
Privacy risks are no longer hypothetical
The obvious defence is to cut back beamforming reports, but the researchers say that barely dents the result. Full encryption would be far harder, because it would require changes to Wi-Fi standards and could break compatibility with existing devices. That is the usual trade-off in networking: the feature that improves performance also quietly opens a new side channel.
The timing matters. The IEEE 802.11bf standard, introduced in 2025, formally brings ”Wi-Fi sensing” into the official playbook, which includes detecting presence and reading environmental cues over wireless networks. That makes the gap in privacy protections awkward, especially now that the same infrastructure used for convenience can also be turned into a room-level observer.
What router makers may have to fix next
If the findings hold up outside the lab, router makers and standards bodies are going to face an unpleasant choice: preserve compatibility and live with the leak, or redesign the protocol stack around stronger protections. My bet is on the familiar sequence first – a lot of hand-wringing, followed by slow, partial fixes – because retrofitting security into deployed wireless gear is almost always uglier than announcing it.