Through Wall People Localization Exploiting Radio Windows

Abstract: We introduce and investigate the ability of an attacker to surreptitiously use an otherwise secure wireless network to detect moving people through walls, in an area in which people expect their location to be private. We call this attack on location privacy of people an "exploiting radio windows" (ERW) attack. We design and implement the ERW attack methodology for through wall people localization that relies on reliably detecting when people cross the link lines by using physical layer measurements between the legitimate transmitters and the attack receivers. We also develop a method to estimate the direction of movement of a person from the sequence of link lines crossed during a short time interval. Additionally, we describe how an attacker may estimate any artificial changes in transmit power (used as a countermeasure), compensate for these power changes using measurements from sufficient number of links, and still detect line crossings. We implement our methodology on WiFi and ZigBee nodes and experimentally evaluate the ERW attack by monitoring people movements through walls in two real-world settings. We find that our methods achieve very high accuracy in detecting line crossings and determining direction of motion.