If someone is worried that their government could be flashing the firmware of their WiFi router to use the beamforming antennae of the router to track them walking around their home....
Then they should be way more worried that their government is using any access to their wifi router at all. Like, you got way bigger things to worry about at that point, right?
There are a million surveillance side-channels that could be used to build profile-able information about what is happening inside a home from the outside. The concern isn't that those things are possible (they always will be) the concern should be that there are authorities who could be (mis)using such avenues and not explicitly being disallowed in the first place.
I disagree. The trajectory of technology generally is:
possible -> prototype -> product -> common -> common and cheap
If Wi-Fi surveillance were to become common and cheap, other methods would be produced to make data harvesting common and cheap to the surveillance state/bigco. The best way to avoid that dystopia is to safeguard it early in the process.
What I'm trying to get at is, even if this type of Wifi surveillance becomes commong and cheap, it still requires access at a low level to the wifi router itself. Which should be hands-off in the first place. It's like having cameras in your house on your local network... if the police could legally hack into your network, they could watch you on the cameras to see if you are committing crimes! But... the point is they shouldn't be able to do that, regardless if you have the cameras or not... the line is drawn at the access.
Same thing there. It shouldn't matter if the tech is possible, produced, cheap, and installed in your home.... it's all moot if the act of the surveillance isn't followed through. We need to work towards ways to prevent the acts themselves, as we simply aren't going to be able to prevent the possible sidechannel attacks from being possible. They are always possible.
> it still requires access at a low level to the wifi router itself
Nope, remote sensing only requires custom radio firmware on the passive surveillance receiver (<$20) that is monitoring Wi-Fi reflections from standard consumer routers which are "near" the target, https://news.ycombinator.com/item?id=34480760
Wi-Fi access points are often provided by ISPs. ISPs, especially in the US, are not to be trusted; https://security.stackexchange.com/q/71834 is just one example of that.
In Australia we have the Assistance and Access amendment to the Telecommunications Act 1997, which allows the government to demand that companies or individuals insert backdoors into their products for use by law enforcement. My WAP/router already tries to update its own firmware, what’s to stop the govt forcing in new firmware with full cooperation from the vendors that enable this passive sensing and allow access to the output?
Well someone has to pay for the tech. Its not free. And that puts an automatic upper limit on what happens.
People have no idea how much debt Police depts (lets not even talk about the military) have racked up playing with high tech toys and paying off compensation every 2 days for people they accidentally harm or kill. So whats funny here as Big Bro gets access to more and more tools the more broke he gets.
And guess what the financiers of this debt will do when it cant be paid off. Raid police pension funds. Thats how financialization of public service works
No free lunch big bro. Have fun with all the "cool toys" while the good times last.
The linked paper "Et Tu Alexa?" uses a single smartphone positioned outside of the property
> We show that just by sniffing existing WiFi signals, an
adversary can accurately detect and track movements of users
inside a building. This is made possible by our new signal model
that links together human motion near WiFi transmitters and
variance of multipath signal propagation seen by the attacker
sniffer outside of the property.
> Then they should be way more worried that their government is using any access to their wifi router at all.
We should be worried about ISPs too. They give themselves access to their customer premises equipment. I had to hack their router to put it into bridge mode and then use another router with software I control to connect.
You don't think that there is some agency like the NSA or such that can access your full Google search history and location in real time? There might even be some individuals with access that doesn't even require search warrants or anything.
I’m curious as to which government you think isn’t going to use surveillance tools on you, even if they aren’t exactly legal. I mean, after Echelon we still had the tinfoil disbelief to fall back on, but in a post-Snowden world it’s hard to imagine why you would think your government wouldn’t do this.
You’re not exactly wrong in that you should also be worrying about: Boundless Information, Bullrun, Carnivore, DSCNet, Fairview, ICREACH, Magic Lantern, Main Core, Mainway, Media Monitoring Services, Muscular, Mystic, Nationwide Suspicious Activity Reporting Initiative, NSA Ant Catalog, PRISM, Room641A, Sentry Eagle, Special Collection Service, Stellar Wind, Tailored Access Operarions, Turbulence, and, X-Keyscore if you’re American. But that doesn’t mean you shouldn’t also worry about this, just as much.
Then they should be way more worried that their government is using any access to their wifi router at all. Like, you got way bigger things to worry about at that point, right?
There are a million surveillance side-channels that could be used to build profile-able information about what is happening inside a home from the outside. The concern isn't that those things are possible (they always will be) the concern should be that there are authorities who could be (mis)using such avenues and not explicitly being disallowed in the first place.