Yanzi Zhu (UC Santa Barbara), Zhujun Xiao (University of Chicago), Yuxin Chen (University of Chicago), Zhijing Li (UC Santa Barbara), Max Liu (University of Chicago), Ben Y. Zhao (University of Chicago), Heather Zheng (University of Chicago)

Wireless devices are everywhere, constantly bombarding us with transmissions across a wide range of RF frequencies. Many of these invisible transmissions reflect off our bodies, carrying off information about our location, movement, and other physiological properties. While a boon to professionals with carefully calibrated instruments, they may also be revealing our physical
status to potential attackers nearby.

Our work demonstrates a new set of silent reconnaissance attacks that leverages the presence of commodity WiFi devices to track users inside private homes and offices, without compromising any WiFi network, data packets, or devices. We show that just by sniffing existing WiFi signals, an
adversary can accurately detect and track movements of users inside a building. This is made possible by our new signal model that links together human motion near WiFi transmitters and variance of multipath signal propagation seen by the attacker sniffer outside of the property.
These attacks are cheap, highly effective, and difficult to detect. We implement
the attack using a single commodity smartphone, and deploy it in 11 real-world offices and residential apartments, and show it is highly effective. Finally, we evaluate potential defenses, and
propose a practical and effective defense based on AP signal obfuscation.

View More Papers

Strong Authentication without Temper-Resistant Hardware and Application to Federated...

Zhenfeng Zhang (Chinese Academy of Sciences, University of Chinese Academy of Sciences, and The Joint Academy of Blockchain Innovation), Yuchen Wang (Chinese Academy of Sciences and University of Chinese Academy of Sciences), Kang Yang (State Key Laboratory of Cryptology)

Read More

ConTExT: A Generic Approach for Mitigating Spectre

Michael Schwarz (Graz University of Technology), Moritz Lipp (Graz University of Technology), Claudio Canella (Graz University of Technology), Robert Schilling (Graz University of Technology and Know-Center GmbH), Florian Kargl (Graz University of Technology), Daniel Gruss (Graz University of Technology)

Read More

Compliance Cautions: Investigating Security Issues Associated with U.S. Digital-Security...

Rock Stevens (University of Maryland), Josiah Dykstra (Independent Security Researcher), Wendy Knox Everette (Leviathan Security Group), James Chapman (Independent Security Researcher), Garrett Bladow (Dragos), Alexander Farmer (Independent Security Researcher), Kevin Halliday (University of Maryland), Michelle L. Mazurek (University of Maryland)

Read More

Into the Deep Web: Understanding E-commerce Fraud from Autonomous...

Peng Wang (Indiana University Bloomington), Xiaojing Liao (Indiana University Bloomington), Yue Qin (Indiana University Bloomington), XiaoFeng Wang (Indiana University Bloomington)

Read More