Your Wi-Fi router could be used to identify you without a password, scientists warn

Any device fitted with a Wi-Fi card can intercept unencrypted signals and build a profile of passers-by

Scientists at Germany's Karlsruhe Institute of Technology have uncovered a critical surveillance vulnerability lurking within modern Wi-Fi routers — one that requires no password, no physical access, and no specialist equipment to exploit.

Using nothing more than radio waves, the researchers were able to identify individuals moving through a space with a staggering 99.5% accuracy rate.

The feature at the heart of the flaw

The vulnerability exploits a standard component found in Wi-Fi 5 and newer routers known as Beamforming Feedback Information (BFI).

In normal operation, routers use the BFI sent back by connected devices to fine-tune link speeds and connection stability, a more specific function than simply improving signal strength.

The critical problem, however, lies in the fact that these feedback signals travel through the air completely unencrypted.

This means that any device equipped with a Wi-Fi card — whether a standard laptop or a low-cost Raspberry Pi — is capable of intercepting them without authorisation.

How the tracking actually works

No physical access to the router is required, and knowledge of the Wi-Fi password is entirely unnecessary.

As a person moves through the path of the radio signal, their presence disrupts the BFI data in a way that generates a distinctive profile tied to their unique gait and movement patterns.

A monitoring device placed within the same general vicinity can then detect these disruptions and piece them together over time into a usable and identifiable signature.

To validate their findings, the Karlsruhe research group conducted tests involving 197 volunteers, ultimately reporting a 99.5% accuracy rate when identifying individuals from movement patterns alone.

Real-world surveillance risks

The practical implications of the vulnerability are deeply concerning. A concealed listening device planted in an office environment could, in theory, reveal precisely who had entered the building on any given day.

Similarly, a malicious actor monitoring the Wi-Fi network of a café could identify regular patrons without their knowledge or consent.

Whilst linking movement signatures to real-world identities would require supplementary data — such as a phone signal previously associated with a specific individual — the core tracking mechanism itself requires no such connection to function.

Researcher Julian Todt issued a stark warning about the implications of the discovery: "This technology turns every router into a potential means for surveillance.

"If you regularly pass by a cafe that operates a Wi-Fi network, you could be identified there without noticing it and be recognized later for example by public authorities or companies."

A threat far beyond private networks

The vulnerability is not confined to private homes or businesses. Public Wi-Fi routers installed in airports, libraries, and public transport hubs expose millions of people to the very same tracking method on a daily basis, significantly broadening the potential scale of any exploitation.