Counting People through a Wall with Wi-Fi

Interesting research:

In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose received signal strength (RSSI) is measured by the receiver. Using only such received signal power measurements, the receiver estimates how many people are inside the room ­ an estimate that closely matches the actual number. It is noteworthy that the researchers do not do any prior measurements or calibration in the area of interest; their approach has only a very short calibration phase that need not be done in the same area.

Academic paper.

Posted on September 27, 2018 at 7:43 AM • 24 Comments

Comments

BobSeptember 27, 2018 10:44 AM

Nice to have proof of concept, but it stands to reason that if you're emitting radio waves, they can be used to track you.

Clive RobinsonSeptember 27, 2018 10:54 AM

@ bob,

but it stands to reason that if you're emitting radio waves, they can be used to track you.

Whilst that is true, what is not true is that "you" have to emit the radio waves in this sort of situation. Thus the WiFi access point in the room could be one that belongs to one or more of the people in the room not you.

In effect you are using it like "offset radar" which was developed for the military at or before the 1980's to avoid issues with RF sensing "fly down the beam" anti-radar missiles.

SteveSeptember 27, 2018 11:17 AM

Since most people now carry one or more radio tracking devices these days, why go to all this trouble?

Just fire up a spectrum analyzer and count the signals.

@Clive Robinson: Yes, I know this is different, I'm just making a small joke.

HermanSeptember 27, 2018 11:46 AM

Steve: Spread spectrum signals from multiple cell phones are very hard to identify and count with a spectrum analyzer. However, a portable cell phone monitoring device can.

k15September 27, 2018 3:29 PM

How good is this at distinguishing between elevationally adjacent units in an apartment building? If you notice funny business, is this one more possibility for why?

(required)September 27, 2018 3:33 PM

"why go to all this trouble?"

Think police about to break down a door.

The "new" here is the ex-situ calibration that apparently is very quick as TFS notes.

echoSeptember 27, 2018 3:40 PM

This is pretty cool and an extension of the whole idea of wifi as a covert survellience device which has been on the receiving end of a few papers.

This could be useful if you arrive late for work and want to sneak past a meeting without being spotted. I suppose some killjoy will decide to invent wifi bombs which can be dropped over a wide area and used to provide targetting information for mass drone strikes.

Clive RobinsonSeptember 27, 2018 4:39 PM

@ echo,

I suppose some killjoy will decide to invent wifi bombs which can be dropped over a wide area and used to provide targetting information for mass drone strikes.

You know what you've done there?

One of two things,

1, Reveal state secrets.
2, Given some sociopath an idea for a business plan to be the next major MIC company with their snouts firmly rooting in the tax trough.

You should no by now, other people read this blog ;-)

Actually more seriously, Ross J. Anderson over at Cambridge labs did research on something almost the same called "smart dust" or "sensor nets" a couple of decades back.

Clive RobinsonSeptember 27, 2018 5:04 PM

@ Steve,

Just fire up a spectrum analyzer and count the signals.

And you forgot the most important "then divide by three"...

One for the iPhone, one for the Apple tablet and one for either the Apple iWatch or some other fitness tracker ;-)

I can remember a time whe it was just two dumb mobile phones around 98, that would mark you out as a poser... Then just a few years later the Police were saying having two phones was a suspicious sign that you were either a master criminal or later a terrorist. Either way people should report you on the "Special Incident Hotline in full confidence"...

Then one december thay actually said that men with beards and bags were potential terrorists... Poor santa nearly got locked up...

As the old saying goes "You could not make it up if you tried".

Which remineds me...

@ ALL,

Which parents are going to get there little ones to send their Christmas list to "Dear Alexa..." this year?

Assuming of course she can hold it together, apparently she went missing in action for a few hours and people were asking others how to turn on their electric kettles...

Oh really?September 27, 2018 5:52 PM

"Then just a few years later the Police were saying having two phones was a suspicious sign that you were either a master criminal or later a terrorist. Either way people should report you on the "Special Incident Hotline in full confidence"..."

As the old saying goes, citation required.

Clive RobinsonSeptember 28, 2018 12:40 AM

@ Oh really?,

As the old saying goes, citation required.

As the older saying goes in colleges and universities "Have you done your basic research? If not why not?"

I'll give you a hint, these are not new to older participents in this blog and it's predecessor systems. Our host @Bruce actually made comment on the "Male with beard and bag" warning.

As second hint UK Met Police and UK Transport Police were those who issued the warnings.

So now go do your own research, as you should do. Or to use a saying that's even older, and supposadly comes with a deities seal of approval,

    Seek and ye shall find

A hint if you don't know that one go read the bible or just google it, and you will get Matthew 7:7 put up in front of your eyes...

But if you lack even rudimentary "google fu" or are just to darn lazy, or as other's have a habit of doing of hiding behind ill thought up sock puppetesqu names, I'll be nice and do the hard one for you,

https://metro.co.uk/2008/02/26/got-two-mobiles-we-re-watching-you-10597/

Now go do the other yourself...

FASeptember 28, 2018 2:36 AM

What if the people in the room are not 'zigzagging' but just sitting at their desk ? Or when they are moving around more slowly ? Or only a few are moving ?
It doubt very much if this method is a accurate as the authors claim it is.

Oh really?September 28, 2018 4:36 AM

"People should report anyone suspicious who owns more than one mobile phone, a counter-terrorism campaign launched on Tuesday is urging."

The posters also call on people to pass on information about anyone displaying ‘odd’ behaviour such as photographing CCTV cameras, urging people to ‘let experienced officers’ decide what action to take.

One poster says: ‘Terrorists need communications. They often collect and use many anonymous pay-as-you-go phones, as well as swapping Sim cards and handsets.’


Valid enough, report suspicious people. Multiple burner phones is a valid clue says 1 poster.
Tough to tell there how much is poorly truncated article vs what is the actual policy.
If they have a good excuse for multiple burner phones they wouldn't be suspicious.

Not quite two phones = you're a suspect, but it's good to know what you were referring to.


PhaeteSeptember 28, 2018 8:31 AM

So who is the suspected terrorist?

https://www.independent.co.uk/news/world/americas/us-politics/trump-white-house-secure-cell-phone-twitter-hack-iphone-hillary-clinton-a8362736.html

"Donald Trump has shrugged off attempts by White House staff to improve the security around his mobile phones because doing so would be “inconvenient”, it has been claimed.
The US President is said to use two iPhones"

So i know who is suspicious and needs reporting....obviously not.

When i see 2 phones, i assume work and private.
3rd would be for other bands if you travel, or cheating spouse.
4th is getting more difficult to explain, fetish, fanboy?

But nowhere do i attribute having multiple cellphones to terrorism, it is a subset of the much more larger group of people having 2 phones, one for work, one for private.

Anyway, the original article is from 2008, i hope they are not actively pursuing this still.

vas pupSeptember 28, 2018 11:06 AM

@all:
I have kind of foggy memories on Pablo Escobar. He did multiple phones in usage, so it was not simple to pinpoint his exact location, but French company provides trace equipment and that was resolved not in favor of Pablo.
Another example: female communicate information related to kind of criminal activity using two phones. She got incoming information on one phone, then passed it down using another phone. Unfortunately to her there were very short time between those two communication and LEOs using surveillance discovered the trick. Those are very old stories. Now it is easy task with developed technology. Moreover, location information could tied together folks which never communicate using their device, but those two devices (and their owners as result) very often are in close proximity. And last but not least, when you need more than one disposable phone, buy them form different distant from each other locations (no consecutive ids) and from other providers of service.

Oh really?September 28, 2018 12:50 PM

@Phaete

What about 6 phones, would that be?

It was basically a series of public posters saying "report suspicious behavior" and
it turns out that was a limited program only in London and 3 other metro areas.
How effective it actually was in making Londoners turn in local droogs, unknown.

echoSeptember 28, 2018 1:20 PM

@vas pup

Now it is easy task with developed technology. Moreover, location information could tied together folks which never communicate using their device, but those two devices (and their owners as result) very often are in close proximity. And last but not least, when you need more than one disposable phone, buy them form different distant from each other locations (no consecutive ids) and from other providers of service.

I suspect "needle in haystack" databse searches can narrow down the pool to something worth deeper examination. In combination with other databases the search can be narrowed down much further.

I can't remember the document names nor provide a citation but the document released showing how the NSA conducted needle in haystack searches, and the phone opsec rules (Clive posted once?) are a starting place such as never have your phone switched on within 50 miles of your destination and so on. Other databses covering public transport, car number plate monitoring, bank and credit card purchases, and databases covering health and lifestyle can be used to build and create include/exclude profiles. Retail data alone can provide information about dates and batches and location.

What puzzles me is all this talk about AI being used for mostly commercial stuff but obviously "hardcore" security too as well as budget saving for local government child protection services but this is never discussed in the context of the state being the target. What about absues of power, defrauding citizens of their entitlements and rights, mistakes in regulation which disenfranchise citizens, patterns of staff abusing and bullying? What about this technology being used to assist "getting behind the veil" and revealing public policy failure hidden behind "statistical averages" as I believe one political or legal case in the US within the past few months managed to do? I also wonder why tools like the NSA and GCHQ use aren't created as an open source project and available to query public policy and media and NGO databases in the same way to uncover state abuses.

HmmSeptember 28, 2018 1:52 PM

"I also wonder why tools like the NSA and GCHQ use aren't created as an open source project and available to query public policy and media and NGO databases in the same way to uncover state abuses."

Do you?

Clive RobinsonSeptember 28, 2018 5:09 PM

@ echo, Hmm,

I also wonder why tools like the NSA and GCHQ use aren't created as an open source project and available to query public policy and media and NGO databases...

If you have the Zero-Days and the appropriate technical talent, there is no "technical reason" why such tools should not be created.

In a way they have with various pen-test tools like the Metasploit Framework,

https://en.m.wikipedia.org/wiki/Metasploit_Project

And other tools for "forensic use". For which there used to be a couple of stand alone bootable CD/DVD Linux images, such as The Coroner's Toolkit (TCT),

https://en.m.wikipedia.org/wiki/The_Coroner's_Toolkit

But technological inovations are not the limiting factor. As I point out from time to time "technology is agnostic to use" and that it's "the directing mind" that determins use, but it is "others point of view" that decides if the use is good or bad, legal or illegal, or even if use should be prosecuted. Thus what is "one man's meat is another man's poison.".

Even though the Five-Eyes SigInt entities apparently break the law all the time either directly or some form of deniable deceit, they don't get prosecuted because of a "blind eye" policy. However you do something even quite mininal in the US that may even be legal, and you have some Federal types trying to send you away for ever and a day. Which unfortunately is all to easy, because since the Obama Administration overly broad scope legislation has not just been further created it's also been twisted into what many consider is prosecutorial over reach. Thus even the ability to protest is seen as a crime, worse you can apparently be jailed for breaking a "Terms of Service" agreement you might not even have signed up to, or even seen as some corporate has changed it behind your back.

However whilst you are in danger which ever way you turn, every US corporate can include privacy breaching software (telcos, MS, et al supportware / telemetry) and even damaging malware (Sony CDs) in their products without honest explanation or redress. And at one point Senator Dianne Feinstein who is not the most upstanding of individuals at the best of times promoted legislation formalising NSA practices (FISA Improvements Act) and backed legislation to give corporates immunity provided they gave the USG all the private information they had extracted from peoples personal computers, smart phones etc...

It's this sort of "target the citizen" attitudes and monopoly on surveilence techniques reinforced by highly visable "guard labour" excesses that make people think they are being treated as the enemy more so than the real national enemies and currently trumpeted existential threat enemy state.

It's almost a J.Edgar "lives" feeling with a side order of Jo McCarthy antiamerican behaviour,rant's. Where Orwell's warnings have become the new nation state blue print...

echoSeptember 29, 2018 1:32 PM

@Clive

I meant legal stuff like database querying. You could swap in legislation or legal opinion or FOI request "weapons" instead of hacking tools and exploits. I daresay this is already happening but locked up within walled garden consultancies with small discrete brass nameplates on period buildings and "if you have to ask..." rates for billable minutes.

It's no different in the UK just less graphic than the US or more constitition arresting swallowed a lemon crew in Russia. Yes, I think you're right about Orwell.I forget the quote but he said something along the lines of fascism would arrive in the UK like a cup of warm cocoa. At least the military-industry complex subsidised internet survellience economy means I can order more cheap thermal leggings for winter. I'm not a leggings person but we can pretend. That will fox the won't it?

Clive RobinsonSeptember 29, 2018 5:30 PM

@ echo,

I'm not a leggings person but we can pretend. That will fox the[m] won't it?

Hmm even in the 1980's I was neither a leggings or --Sam-- Fox person, though I'm told the both appeard fairly regularly on Page 3.

One of my less than favourite memories was a music video by Olivia Newton-John singing a song "Physical" in the worst gym fitness kit and leg warmers etc you've probably ever seen. For some reason the video was popular at a time when music jukeboxes were getting replaced with video jukeboxes. You would be sitting having a quiet pint and chat when suddenly it would be blairing out and some callow youth would be staring at the screen as though trying to memorize every frame :-S

I remember the same with the Giorgio Moroder song "What a feeling" sung by Irene Cara for the film Flashdance. The video featured "leg warmers" and a sort of black leotard... And similar callow youths would put in their money to get it played (it also featured big on MTV that was also appearing in pubs etc). But being involved with the music industry, I knew the not so secret "secret" that the body double for some of the better dance moves was actually a teenage bloke, mentioning this used to make some of the callow youths look queasy ;-)

As for FOI and similar, legal steps will not work due to the ruse of "commercial in confidence". CiC now has an ALMO (arms length managment organisation) component to give the illusion of valuable IP.

Who ever thought up the CiC ruse pulled a double blinder on the Treasury. Not only does it serve a right of center political "out sourcing" mantra to divert tax into certain pockets, it also allows for those shady neo-con style "full deniability" nasties. The one that shows the ALMO CiC systemic risk nasties at work is Grenfell...

echoSeptember 29, 2018 5:58 PM

@Clive

I liked Xanadu and Together in Electric Dreams. Oooh. I have a pair of leg warmers.

Yes, FOI has weaknesses. When I challenged my last abusive lawyer he pulled this and hid nehind the FOI Act and gave me a wall of nonsense about policy rules and expectations raised by political puffery. He refused to answer questions about the policy and amount over grant funding for my case. He was pocketing the money and doing no work. I disovered the document he withheld was available online as was the governing legislation. It was not a "small" amount as he claimed but six figures. The funding body denied any responsibility for his conduct which is puzzling as they arecovered by public interest duties on their financial expenditure and other obligations which would cover due diligence. Oh, yes. And when I complained the director hid behind being a "private company". It's like they wanted to have their cake and eat it. I was made very ill by this and it caused a big disaster I have never been able to recover from. Getting a lawyer for my case is very difficult because of the specialist nature of the case getting in the way. It's not as easy as walking in the door. I wish it was. If it was I wouldn't be in this mess and considering leaving the country and claiming asylum as I have been advised to do.

I recall Tony Blair saying this past yearor so unless I misread or misinterpreted that he regretted passing the FOI Act. Pardon?

Isn't it funny that the snoopier they get the more secretive they get. It's almost like they have something to hide.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.