WiFi Sensing and the Rise of Invisible Surveillance

WiFi signals do more than carry data. Researchers have demonstrated that standard wireless networks can detect human presence, track movement, and even recognize specific activities, all without cameras or dedicated sensors. For SRE and security teams managing infrastructure, this capability introduces both defensive opportunities and concerning privacy implications.
How WiFi Sensing Works
WiFi sensing exploits Channel State Information (CSI), the detailed measurements routers use to optimize signal transmission. When radio waves travel between devices, they bounce off walls, furniture, and people. Human movement disrupts these reflection patterns in predictable ways.
By analyzing CSI data over time, software can detect:
- Presence detection: Whether someone is in a room
- Motion tracking: Walking paths and movement speed
- Activity recognition: Sitting, standing, falling, or specific gestures
- Breathing and heart rate: Subtle chest movements affect signal patterns
- Person counting: How many people occupy a space
Modern routers and access points already collect this data for beam steering and network optimization. The leap from network tuning to surveillance requires only software.
The IEEE 802.11bf Standard
The WiFi Alliance has been developing IEEE 802.11bf, a standard specifically for WiFi sensing applications. Expected to finalize in 2028, it will standardize how devices share and process CSI data. Intended applications include:
- Smart home automation
- Elder care fall detection
- Intruder detection systems
- Gesture-based device control
While these use cases sound benign, the same technology enables mass surveillance without visible monitoring equipment.
Security Implications for Infrastructure
Your Network May Already Be Watching
Enterprise access points often support CSI extraction through firmware updates or third-party tools. Attackers with access to your network infrastructure could enable sensing capabilities without deploying visible surveillance equipment. Key concerns:
- Insider threats: Malicious employees with AP access can enable tracking
- Supply chain attacks: Compromised firmware could include sensing capabilities
- Physical security bypass: Motion detection could map facility layouts
- Persistent monitoring: Unlike cameras, WiFi sensing leaves no visible trace
Detecting WiFi Sensing Activity
Look for these indicators of potential WiFi sensing:
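```bash
# Check for unusual CSI extraction on Linux APs
iw dev wlan0 info | grep -i "csi\|sensing"
# Monitor for high-frequency beacon captures, counted per second
# (wlan0 must be in monitor mode for tcpdump to see 802.11 management frames)
tcpdump -i wlan0 -c 1000 type mgt subtype beacon 2>/dev/null | \
  awk '{print substr($1, 1, 8)}' | uniq -c | sort -rn | head
```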
Abnormal patterns in beacon traffic or CSI-related driver activity may indicate sensing is enabled.
Network-Level Defenses
Implement these controls to limit WiFi sensing exposure:
1. Segment Wireless Networks
Keep sensitive areas on isolated wireless segments with strict access controls:
```yaml
# Example VLAN configuration for sensitive zones
vlans:
  secure_zone:
    id: 100
    wireless_profile: restricted
    csi_extraction: disabled
    client_isolation: enabled
```
2. Audit Access Point Firmware
Maintain inventories of all wireless equipment and firmware versions. Many sensing capabilities require specific firmware features:
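```bash
# Script to audit AP firmware versions (one AP hostname or IP per line in the inventory)
while read -r ap; do
  echo "== $ap"
  # -n keeps ssh from consuming the rest of the inventory on stdin
  ssh -n "admin@$ap" "show version" | grep -E "Version|Build"
done < /etc/ap_inventory.txt
```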
3. Monitor for CSI-Related Traffic
Some sensing implementations transmit CSI data to external servers for processing. Watch for unexpected outbound connections from network infrastructure:
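```bash
# Check for unexpected connections from APs
# ("expected_destinations" is a placeholder for a pattern matching your known-good endpoints)
ss -tunp | grep -E ":80|:443|:8080" | grep -v "expected_destinations"
```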
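An added example (not from the original article) of the allowlist approach behind this control: it totals outbound bytes from AP management addresses to any destination outside an expected set. The flow record format, the addresses, and the allowlist entries are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: AP management addresses and where they may connect.
AP_INVENTORY = {"10.20.0.11", "10.20.0.12"}
ALLOWED = [  # (network, port, protocol), all hypothetical
    ("10.20.0.2/32", 5246, "udp"),  # wireless controller (CAPWAP control)
    ("10.20.0.5/32", 514, "udp"),   # syslog collector
    ("10.20.0.6/32", 123, "udp"),   # NTP server
]

# Constructed flow records, one per line: "src dst proto dport bytes"
SAMPLE_FLOWS = """\
10.20.0.11 10.20.0.2 udp 5246 18400
10.20.0.11 10.20.0.6 udp 123 152
10.20.0.12 203.0.113.40 tcp 443 9216000
10.20.0.12 203.0.113.40 tcp 443 8800000
10.20.0.12 10.20.0.5 udp 514 4096
10.30.1.77 198.51.100.9 tcp 443 120000
"""

def is_allowed(dst, proto, dport, allowed=ALLOWED):
    """True if the destination, protocol and port match an allowlist entry."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) and dport == port and proto == p
               for net, port, p in allowed)

def unexpected_ap_flows(flow_text, aps=AP_INVENTORY):
    """Return {(ap, dst, proto, dport): total_bytes} for AP flows outside the allowlist."""
    totals = defaultdict(int)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        src, dst, proto, dport, nbytes = parts
        if src not in aps:
            continue  # client traffic is out of scope for this check
        if not is_allowed(dst, proto, int(dport)):
            totals[(src, dst, proto, int(dport))] += int(nbytes)
    return dict(totals)

if __name__ == "__main__":
    for (ap, dst, proto, dport), total in sorted(unexpected_ap_flows(SAMPLE_FLOWS).items()):
        print(f"ALERT {ap} -> {dst}:{dport}/{proto} {total} bytes outside allowlist")
```

Summing bytes per destination matters here because a steady stream of measurements to one external host stands out by volume even when each connection looks like ordinary HTTPS.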
4. Physical Layer Countermeasures
For high-security environments, consider:
- Reducing transmit power to limit sensing range
- Using directional antennas to control coverage
- Implementing frequency hopping where supported
- Adding RF shielding to sensitive areas
WiFi Sensing for Defense
The same technology can strengthen physical security when properly implemented:
Intrusion Detection
Deploy authorized WiFi sensing to detect unauthorized presence in data centers or secure areas:
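```python
# Simplified presence detection using CSI variance
import numpy as np

def detect_motion(csi_samples, threshold=0.05):
    """Flag motion when any subcarrier's variance over time exceeds the threshold.

    csi_samples is expected as an array of shape (n_samples, n_subcarriers).
    """
    variance = np.var(csi_samples, axis=0)  # variance per subcarrier
    motion_detected = np.any(variance > threshold)
    return motion_detected, variance.max()
```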
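An added example, not part of the original article, extending the variance check above with two things a deployment needs: a threshold calibrated from empty-room frames, and a debounce so a single noisy window does not raise an alert. It uses only the standard library; the amplitude data is synthetic and the function names are hypothetical.

```python
import math
from statistics import pvariance

def window_score(window):
    """Largest per-subcarrier amplitude variance across one window of frames."""
    return max(pvariance(col) for col in zip(*window))

def calibrate(empty_frames, win, margin=5.0):
    """Threshold = margin x the noisiest window seen while the room is empty."""
    starts = range(0, len(empty_frames) - win + 1, win)
    return margin * max(window_score(empty_frames[i:i + win]) for i in starts)

def presence_events(frames, threshold, win, hold=2):
    """Start frames of motion that persists for `hold` consecutive windows."""
    events, streak = [], 0
    for i in range(0, len(frames) - win + 1, win):
        if window_score(frames[i:i + win]) > threshold:
            streak += 1
            if streak == hold:  # report once, at the first window of the run
                events.append(i - (hold - 1) * win)
        else:
            streak = 0
    return events

def synth_frames(n, start, swing, subcarriers=4):
    """Constructed amplitudes: fixed multipath profile plus a ripple of size `swing`."""
    return [[1.0 + 0.1 * s + swing * math.sin(0.9 * (start + t) + s)
             for s in range(subcarriers)] for t in range(n)]

WIN = 20
# Constructed data: an empty-room baseline, then quiet / motion / quiet.
BASELINE = synth_frames(100, 0, 0.005)
CAPTURE = (synth_frames(60, 0, 0.005) + synth_frames(40, 60, 0.3)
           + synth_frames(60, 100, 0.005))
CAPTURE[130][0] += 0.5  # one-frame glitch (for example interference), not a person

THRESHOLD = calibrate(BASELINE, WIN)

if __name__ == "__main__":
    print("debounced:  ", presence_events(CAPTURE, THRESHOLD, WIN))
    print("no debounce:", presence_events(CAPTURE, THRESHOLD, WIN, hold=1))
```

With `hold=1` the glitch at frame 130 is reported as a second event; the default of two consecutive windows suppresses it while still catching the sustained motion.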
Asset Protection
Monitor server rooms for unexpected human activity outside maintenance windows. Integrate with existing alerting:
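```yaml
# Alert rule for out-of-hours presence
# Note: the expression below fires at any hour. Restrict it to out-of-hours
# with a time condition (for example PromQL hour()) or an Alertmanager time interval.
- alert: DataCenterPresenceOOH
  expr: wifi_sensing_presence{zone="datacenter"} == 1
  for: 1m
  annotations:
    summary: "Unexpected presence in data center"
  labels:
    severity: warning
    runbook: "verify_authorized_access"
```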
Privacy Regulations and Compliance
WiFi sensing raises questions under privacy frameworks:
- GDPR: Processing of presence data likely constitutes personal data processing
- CCPA: Location inference may trigger disclosure requirements
- HIPAA: Healthcare facilities must consider sensing in privacy assessments
Document any sensing capabilities in your data protection impact assessments and update privacy notices if sensing affects occupied spaces.
Recommendations for SRE Teams
- Audit existing equipment: Check whether deployed APs support CSI extraction
- Review firmware sources: Ensure network equipment comes from trusted supply chains
- Segment sensitive areas: Isolate wireless coverage in security-critical zones
- Monitor outbound traffic: Watch for unexpected data exfiltration from infrastructure
- Update threat models: Include WiFi sensing in physical security assessments
- Consider defensive deployment: Evaluate authorized sensing for intrusion detection
Conclusion
WiFi sensing transforms ubiquitous wireless infrastructure into potential surveillance equipment. As the technology matures and standards like 802.11bf emerge, SRE and security teams must understand both the threats and opportunities it presents. Proactive auditing, network segmentation, and clear policies will help organizations manage this capability responsibly.
