This is a type of passive identification I hadn't imagined before. It's pretty impressive to see 90% identification for a set of 6 users.
I can't imagine it's accurate enough to use for secure verification. I could see it's application for a shared entertainment system (ps4, netflix, etc) where identification is primarily for configuration purposes, not security.
Note that this isn't all that dissimilar to Xandem's tomographic motion detection. Their "Xandem Home" product makes a Harry Potter Marauder Map style overlay on a map of your home showing where all moving people are in realtime. It is really cool stuff that I'm about to have installed in my own home:
Would be interesting for a home security system, or for enhancing Nest so the users don't have to walk past it for it to know you are in the home.
Also the paper notes this approach has fewer privacy concerns than other tracking systems, which is true to the degree your goal is tracking locations in a house. However if all the sudden we all ended up with tracking systems in our house that would be a privacy concern.
I'd imagine a simple device that broadcasts noise or fake signals would be enough to throw it off. Lots of principles used in speed trap jammers could be used.
Run Ethernet throughout your home and hardwire 100% of everything. Disable all wireless radios in your house. That will stop your own gear from being used like this, but unless you turn your home into a faraday cage someone could probably blast your home with 2.4GHz externally to achieve similar results. If as you mention, perhaps you had some kind of suit that is completely absorbent to wireless spectrum, though that in itself could be used as an identifier most likely.
put some cold water and ice in the bathtube and wait inside it until the spiders left the building... :) (important link to understand: https://www.youtube.com/watch?v=901lYbPmqu4)
VP Product at aerial.ai (using similar strategies as this paper) here. A few major caveats to make this work:
a) There needs to be enough traffic happening on the network to have the resolution needed to differentiate between people.
b) The device needs to be able to see the traffic. This won't protect you from a device in the home that has this technology, but it will from people standing outside of the home (as the signal attenuates a lot outside of the home)
It's not doing internal positioning with Channel State Information (CSI), but there are folks that are [1]. The approach in FIND is different [2] - FIND just uses RSSI+MAC information which works great on mobile devices and simple esp8266 chips and doesn't require code for the specific network interface. As far as I know you have to write some network card specific code to be able to use CSI.
Sorry! Apple is very restrictive. iOS 9+ is supports access to WiFi RSSI, but requires permission and approval from Apple. We requested permission 3 weeks ago and no word yet.
Hi everyone! I'm VP Product at aerial.ai. We are using some of these techniques for presence, activity and identification. We have 7 patents in this area.
Can this be executed from phones (which can act as WiFi router, for tethering purposes) by this ubiquitous baseband RCE vulnerability I always hear about on HN?
Some of these WiFi statistics used in this paper are typically not exposed at the user level. You would need to have a modified driver. May or may not be easy to do for an iOS or Android phone.
I can't imagine it's accurate enough to use for secure verification. I could see it's application for a shared entertainment system (ps4, netflix, etc) where identification is primarily for configuration purposes, not security.