by networked 4757 days ago
>A standard Wi-Fi router could be adapted to function as a receiver.

The article and the embedded video do not make it entirely clear but if this technology could be deployed in existing Wi-Fi routers with relative ease [1] then it could have far-going implications for both privacy and the physical security of anywhere where there's Wi-Fi. Once it's easy enough to deploy on a hacked device that a hired script kiddie can do it even simple burglars could take an interest in residential routers to know when nobody's home.

I wonder if this will affect the market for embedded Linux security consulting in a major way.

[1] I.e., without modifying the hardware and with no need for manual calibration.


From the paper [1]

The WiSee proof-of-concept is implemented in GNURadio using the USRP-N210 hardware.

Each USRP is equipped with a XCVR2450 daughterboard, and communicates on a 10 MHz channel at 5 GHz. Since USRPN210 boards cannot support multiple daughterboards, we built a MIMO receiver by combining multiple USRP-N210s using an external clock. In our evaluation, we use MIMO receivers that have up to five antennas. We use single antenna USRP-N210s as transmitters.

So basically, they are using 6+ USRPs at $1400+ each to do these experiments. However, since each USRP is communicating on a 10MHz channel at 5GHz, someone with between two and five MIMO 802.11n Wi-Fi devices could theoretically do the same.

[1] http://wisee.cs.washington.edu/wisee_paper.pdf

Even with enough MIMO 802.11n devices it's still practically impossible. They essentially need access to the raw signals to do all their calculations, but this isn't provided by drivers/firmware/devices.

If you're really lucky you have a device with open source firmware [1]. However, even that firmware can only interface with the PHY layer by writing to registers to change the configuration of the device. Essentially the modulation of the signals is done in hardware, and you only control MAC aspects of it (things like disabling carrier sense is possible, changing backoff behavior, inter-frame wait timings, etc). But you can't access the real signal; it's a hardware limitation, so this is not possible using existing devices.

[1] https://github.com/qca/open-ath9k-htc-firmware

I think you'd still have to hack the routers to provide the external clock, as the whole scheme depends on accurate sensor fusion between multiple antennas.
Not only do you have to hack the routers, once inside the router you'll have to flash a custom wireless firmware, or "radio" firmware. And also the chipset must be flexible enough to allow all the iFFT shenanigans. I think it's a stretch to say you could do this with a common wifi device; maybe with a very specific wifi chipset you could, and maybe you could make it work with bluetooth or wireless phone chipsets as well.

That said, it's an excellent paper about a soft-based radar.

IIRC, I think there are some weird FCC rules about external synchronization of radio transmitters. Using the clock would be ok, but synchronizing using out-of-band signals is a problem for some reason. (This is hazy, but I remember working around issues synchronizing UHF (915MHz) RFID readers).
Honest question, how can you have a 10MHz channel at 5GHz?
"5GHz" really means 4.915GHz-5.825GHz, the frequencies in which 802.11n is allowed to operate. You could split that up into many 10MHz wide "channels" of non-overlapping frequencies.
Check out another video from the article

http://www.youtube.com/watch?v=wK_u8-UQmOs

Send ultrasound from the laptop speaker, pick it up with the mic, and detect hand gestures.

Determining when nobody is home is already not that hard. Just ping the devices registered with DHCP, over a few days. Should be fairly easy to identify which devices are phones and alert you when none of the phones are responding.
Just need to ensure a proper countermeasure is (1) available and (2) legal.
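A defender-side illustration of the countermeasure the comment above asks for, added here and not part of the thread: detection logic that flags a LAN host which repeatedly pings the whole DHCP lease table in short bursts. The lease table, the log format and the log lines are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed DHCP lease table (not from the page): the clients such a
# presence check would enumerate.
DHCP_CLIENTS = {"192.168.1.101", "192.168.1.102", "192.168.1.103"}

# Constructed router firewall log of ICMP echo requests. 192.168.1.50 sweeps
# every lease each hour; 192.168.1.23 pings only the gateway once.
SAMPLE_LOG = """\
2013-06-01T01:00:01 ICMP echo src=192.168.1.50 dst=192.168.1.101
2013-06-01T01:00:01 ICMP echo src=192.168.1.50 dst=192.168.1.102
2013-06-01T01:00:02 ICMP echo src=192.168.1.50 dst=192.168.1.103
2013-06-01T01:30:00 ICMP echo src=192.168.1.23 dst=192.168.1.1
2013-06-01T02:00:01 ICMP echo src=192.168.1.50 dst=192.168.1.101
2013-06-01T02:00:01 ICMP echo src=192.168.1.50 dst=192.168.1.102
2013-06-01T02:00:02 ICMP echo src=192.168.1.50 dst=192.168.1.103
2013-06-01T03:00:00 ICMP echo src=192.168.1.50 dst=192.168.1.101
2013-06-01T03:00:01 ICMP echo src=192.168.1.50 dst=192.168.1.102
2013-06-01T03:00:01 ICMP echo src=192.168.1.50 dst=192.168.1.103
"""

LINE_RE = re.compile(r"^(\S+) ICMP echo src=(\S+) dst=(\S+)$")

def parse_log(text):
    """Yield (timestamp, src, dst) for each well-formed ICMP echo line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def find_presence_sweeps(log_text, clients, min_coverage=0.8, min_sweeps=3, window_s=60):
    """Return {src: sweep_count} for sources that repeatedly ping most leases.

    A 'sweep' is a burst of echo requests from one source, each within
    window_s of the previous one, covering at least min_coverage of the
    lease table. Sources with fewer than min_sweeps such bursts are ignored.
    """
    bursts = defaultdict(list)  # src -> list of [last_ts, set(dsts)]
    for ts, src, dst in sorted(parse_log(log_text)):
        if dst not in clients:
            continue  # pings to non-lease addresses are not part of a sweep
        cur = bursts[src]
        if cur and (ts - cur[-1][0]).total_seconds() <= window_s:
            cur[-1][0] = ts
            cur[-1][1].add(dst)
        else:
            cur.append([ts, {dst}])
    flagged = {}
    for src, burst_list in bursts.items():
        sweeps = sum(1 for _, dsts in burst_list if len(dsts) >= min_coverage * len(clients))
        if sweeps >= min_sweeps:
            flagged[src] = sweeps
    return flagged
```

On the constructed log this flags only 192.168.1.50, with three full sweeps; tune `window_s` and `min_sweeps` to the cadence you actually see on your LAN.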