Rui Xiao (Zhejiang University), Xiankai Chen (Zhejiang University), Yinghui He (Nanyang Technological University), Jun Han (KAIST), Jinsong Han (Zhejiang University)

In recent years, the proliferation of WiFi-connected devices and related research has led to novel techniques of utilizing WiFi as sensors, i.e., capturing human movements through channel state information (CSI) perturbations. While this enables passive occupant sensing, it also introduces privacy risks from textit{leaked WiFi signals} that attackers can intercept, leading to threats like textit{occupancy detection}, critical in scenarios such as burglaries or stalking. We propose LeakyBeam, a novel and improved textit{occupancy detection attack} that leverages a new side channel from WiFi CSI, namely beamforming feedback information (BFI). BFI retains victim's movement information, even when transmitted through walls, and is easily captured since BFI packets are unencrypted, making them a rich source of privacy-sensitive information. Furthermore, we also introduce a defense mechanism that obfuscates BFI packets, requiring minimal hardware changes. We demonstrate LeakyBeam's effectiveness through a comprehensive real-world evaluation at a distance of 20 meters, achieving true positive and negative rates of 82.7% and 96.7%, respectively.

View More Papers

ScopeVerif: Analyzing the Security of Android’s Scoped Storage via...

Zeyu Lei (Purdue University), Güliz Seray Tuncay (Google), Beatrice Carissa Williem (Purdue University), Z. Berkay Celik (Purdue University), Antonio Bianchi (Purdue University)

Read More

Towards Establishing a Systematic Security Framework for Next Generation...

Tolga O. Atalay (A2 Labs LLC), Tianyuan Yu (UCLA), Lixia Zhang (UCLA), Angelos Stavrou (A2 Labs LLC)

Read More

LeakLess: Selective Data Protection against Memory Leakage Attacks for...

Maryam Rostamipoor (Stony Brook University), Seyedhamed Ghavamnia (University of Connecticut), Michalis Polychronakis (Stony Brook University)

Read More

Rethinking Trust in Forge-Based Git Security

Aditya Sirish A Yelgundhalli (New York University), Patrick Zielinski (New York University), Reza Curtmola (New Jersey Institute of Technology), Justin Cappos (New York University)

Read More