WiFi-Based Human Sensing, Dense Pose Estimation, and the Surveillance Infrastructure Already in Your Home
In January 2023, researchers Jiaqi Geng, Dong Huang, and Fernando De la Torre at Carnegie Mellon University's Robotics Institute published a paper that made global headlines: "DensePose From WiFi."[1] The system uses a neural network architecture to estimate dense human body pose — mapping 24 body regions onto UV coordinates — using only WiFi signals as input. No cameras. No wearables. No line of sight required. The system works through walls, in darkness, and with multiple subjects simultaneously.
The architecture pairs a two-branch encoder-decoder that translates WiFi Channel State Information (CSI) amplitude and phase data into 2D feature maps, then feeds these into a modified version of Meta's DensePose-RCNN to produce full body surface estimations.[1] The results demonstrated comparable visual performance to camera-based pose estimation systems — a finding that immediately raised questions far beyond computer science. If commodity WiFi routers can generate human body imagery through solid walls, the implications for privacy, surveillance, and intelligence collection are profound.
By observing the propagation of radio waves, we can create an image of the surroundings and of persons who are present. This works similar to a normal camera, the difference being that radio waves instead of light waves are used.
WiFi sensing exploits a fundamental physical principle: radio waves at 2.4 GHz and 5 GHz interact with the human body in measurable, person-specific ways. Every human body absorbs, reflects, and scatters WiFi signals differently based on body composition, posture, movement patterns, and even breathing rhythm. These interactions are captured in Channel State Information (CSI) — per-subcarrier amplitude and phase data that describes how a signal changes as it propagates from transmitter to receiver.[6]
CSI provides far richer data than the simple Received Signal Strength Indicator (RSSI) used in earlier WiFi-based systems. Where RSSI offers a single coarse measurement, CSI captures fine-grained, PHY-layer information across dozens or hundreds of subcarriers simultaneously — effectively creating a multi-dimensional snapshot of the electromagnetic environment.[6] When a human moves through that environment, they create characteristic disturbances that machine learning models can decode into activity recognition, pose estimation, gesture detection, and even biometric identification.
The Carnegie Mellon DensePose system uses three TP-Link WiFi routers transmitting 1D CSI signals. The neural network learns to map the relationship between CSI perturbations and human body surfaces by training on synchronized WiFi and camera data, then operates WiFi-only at inference time.[1] The system successfully estimates poses of multiple people simultaneously, even when subjects are partially or fully occluded from any camera angle — because radio waves, unlike light, penetrate walls, furniture, and other obstacles.
In October 2025, researchers Julian Todt, Felix Morsbach, and Thorsten Strufe at the Karlsruhe Institute of Technology (KASTEL) presented findings at the ACM Conference on Computer and Communications Security that escalated the threat model significantly.[5] They demonstrated that Beamforming Feedback Information (BFI) — a feature introduced in WiFi 5 (802.11ac) for higher bandwidth — creates an entirely passive surveillance channel. Unlike CSI-based approaches that require specialized firmware to extract raw signal data, BFI is transmitted unencrypted over the air by any WiFi device performing beamforming. Any device within range can record it without any interaction with the target network.[4]
In a study of 197 participants, the KASTEL team achieved near-100% identity inference accuracy — regardless of walking style, perspective, or viewing angle.[5] The system does not require the target to carry any device. It does not require access to the target's WiFi network. It requires only that WiFi devices in the target's environment are communicating with each other. As the researchers warned: "This technology turns every router into a potential means for surveillance... you could be identified without noticing it and be recognized later — for example by public authorities or companies."[5]
Previous WiFi sensing attacks required custom firmware (e.g., Intel 5300 or Atheros CSI tools) or specialized devices like ESP32-S3 boards with external antennas.[11] BFI-based sensing requires nothing but a standard WiFi device — a laptop, a phone, a Raspberry Pi. The information is broadcast in the clear by legitimate network devices as part of normal WiFi operation. This makes it fundamentally different from prior approaches: it is passive, undetectable, and requires no compromise of the target's equipment.[4]
In July 2025, researchers Danilo Avola, Daniele Pannone, Dario Montagnini, and Emad Emam at La Sapienza University of Rome published "WhoFi: Deep Person Re-Identification via Wi-Fi Channel Signal Encoding" — demonstrating that the way a human body interferes with WiFi signal propagation creates a unique biometric signature that can be used to track individuals across locations and time.[3]
Re-identification is distinct from initial identification. It answers the question: is this the same person I saw before? The WhoFi system processes CSI data through a deep neural network with transformer encoding architecture to generate person-specific signatures from WiFi signal distortions. On the public NTU-Fi dataset, it achieved 95.5% accuracy in matching subjects across different environments.[3]
The implications are staggering. Unlike camera-based re-identification, WiFi-based tracking is not affected by lighting conditions, operates through walls and obstacles, and works whether or not the target is carrying any electronic device.[3] A network of WiFi access points — which already blankets most urban environments — could theoretically track individuals as they move through cafés, offices, transit stations, and private residences without any visible surveillance infrastructure.
WhoFi builds on EyeFi, a 2020 technique that achieved approximately 75% re-identification accuracy using WiFi CSI.[3] The jump to 95.5% in five years demonstrates the rapid trajectory of this capability. As deep learning architectures improve and WiFi sensing hardware becomes standardized under IEEE 802.11bf, these accuracy numbers will only increase.
The researchers positioned WiFi sensing as "privacy-preserving" relative to cameras — arguing that it captures electromagnetic signatures rather than visual images. This framing obscures a critical point: a system that can identify you with 95.5% accuracy through walls, without your knowledge or consent, is not privacy-preserving. It is surveillance infrastructure dressed in academic language.
WiFi sensing is not a laboratory curiosity. It is a commercially deployed, revenue-generating product category already operating in millions of homes worldwide.
Canadian company Cognitive Systems has deployed its WiFi Motion sensing technology across 37+ internet service providers globally, including major ISPs in North America, Europe, and Asia-Pacific.[8] The software installs directly on customer access points, converting existing connected devices into motion sensors. Launched commercially at CES 2020, it is now described as "the most widely deployed Wi-Fi Sensing technology" in the world.[8] The company is expanding to embed sensing capabilities directly into WiFi SoC chipsets — meaning future routers and devices will ship with sensing built in at the silicon level.
Origin Wireless, spun out of research at the University of Maryland, offers WiFi sensing as a platform for ISPs and security companies. Their system transforms smart devices into "advanced virtual sensors" for motion detection, intrusion alerts, and home monitoring.[9] The company works across multiple network architectures, giving service providers flexibility in deployment — and giving end users little visibility into what data is being collected from the electromagnetic environment of their homes.
The IEEE 802.11bf task group (TGbf) is developing an amendment to the WiFi standard that formally adds sensing as a core capability.[7] NIST has published analysis of the standard. The Wi-Fi Alliance has issued deployment guidelines. The amendment covers bistatic and multistatic sensing in the 2.4, 5, and 6 GHz bands — and above 45 GHz for directional sensing.[7] Once ratified, every WiFi-certified device will be capable of sensing by design. The standard includes no privacy protection framework.
Espressif, maker of the ubiquitous ESP32 microcontroller, maintains an open-source WiFi CSI repository enabling indoor positioning and human detection on sub-$5 hardware.[12] This democratizes WiFi sensing capability to any hobbyist, security researcher, or state actor with a few dollars and basic programming knowledge.
In February 2026, ZaiNar emerged from nine years of stealth operation with $100M+ in funding and a valuation exceeding $1 billion.[10] The company's technology achieves sub-meter indoor positioning by exploiting the timing of existing WiFi, 5G, and cellular signals — no dedicated hardware, no GPS dependency. Backed by Steve Jurvetson (SpaceX board), Jerry Yang (Yahoo co-founder), and Jaan Tallinn (Skype founding engineer), ZaiNar has secured over $450 million in contracts and memoranda of understanding with unnamed carrier and enterprise partners.[10]
The defense applications are explicit in ZaiNar's own messaging: "Defense applications depend on GPS, which can be jammed or spoofed, while ZaiNar's approach uses existing cellular and WiFi signals that can't be fooled the same way."[10] This positions ZaiNar as a GPS-denied positioning system for military operations — using the same WiFi infrastructure that DensePose, WhoFi, and BFI sensing use for human tracking.
The convergence is unmistakable: WiFi sensing tells you what someone is doing. ZaiNar tells you exactly where they are. Combined, they create a comprehensive human surveillance system that operates through walls, requires no target cooperation, uses existing infrastructure, and leaves no detectable trace. Neither technology requires the target to carry a device. Neither requires access to the target's network. Both operate in the same 2.4/5 GHz spectrum used by billions of WiFi devices worldwide.
WiFi operates at 2.4 GHz and 5 GHz — frequencies in the microwave band of the electromagnetic spectrum. These are the same frequencies that the Soviet bioelectromagnetics program identified as biologically active at remarkably low power levels: researchers documented changes in brain bioelectric activity at exposures as low as 10 μW/cm² at 2,375 MHz — effectively the WiFi band.[16] The Moscow Signal — the microwave bombardment of the US Embassy from 1953 to 1976 — operated in overlapping frequency ranges.
The Havana Syndrome hypothesis — that pulsed microwave energy in the low-GHz range can cause neurological damage — sits on the same spectrum as WiFi sensing. The difference is intent and power: WiFi routers transmit at approximately 100 mW (20 dBm); a directed-energy weapon would concentrate far higher power densities on a target. But the sensing capability is a function of the frequency, not the power. The same 2.4 GHz signals that carry your internet data are simultaneously illuminating your body, and any sufficiently sophisticated receiver can read the reflections.
This creates a strategic paradox: the ubiquity that makes WiFi useful for communications also makes it useful for surveillance. You cannot have one without enabling the other. Every WiFi router is a potential radar illuminator. Every WiFi device is a potential sensing node. The IEEE 802.11bf standard will formalize this dual-use reality — and the researchers at KASTEL have warned that it includes no privacy protections.[5]
WiFi-based human sensing has crossed from academic research to commercial deployment without a corresponding development of legal or technical safeguards. The capability trajectory is clear: from detecting motion (2009), to tracking humans through walls (2012), to estimating full body pose (2023), to biometric re-identification at 95.5% accuracy (2025), to passive identity inference with no special hardware at near-100% accuracy (2025). Each step has been published in open academic literature. Each step has been achieved using increasingly commodity hardware. Each step has moved closer to passive, undetectable, warrantless surveillance.
The commercial ecosystem is already built. Cognitive Systems operates in 37+ ISPs. Origin Wireless sells to security companies. Espressif provides open-source CSI tools. ZaiNar adds sub-meter positioning. IEEE 802.11bf will standardize sensing in every future WiFi chipset. The infrastructure for comprehensive, through-wall, device-free human surveillance already exists in the WiFi networks of billions of homes, offices, and public spaces worldwide.
No law in any jurisdiction specifically addresses WiFi-based sensing as a surveillance method. The Fourth Amendment's Kyllo precedent addressed thermal imaging in 2001 but has not been extended to electromagnetic sensing. The KASTEL researchers' warning is worth repeating: "With WiFi networks being ubiquitous in our everyday lives, the impact of unknown privacy threats is likely severe."[4] The spy is not at the door. The spy is the door.
With this hardware making its way into millions of homes, the privacy concerns are severe. As BFI is transmitted unencrypted over the air, no specialized hardware with custom firmware is necessary to record it.