What happens is that a large body of water (pun intended) has the ability to absorb and reflect wifi signals as it moves through the room. For this you need to generate traffic and measure for instance RSSI or CSI (basically, signal strength) of the packets. If you increase frequency you can detect smaller movements such as arms moving vs. a body, or exclude pets if you reduce sensitivity. It works well for detecting presence and movement in a defined space, but ideally requires you to cross the path between two mains-powered devices, such as light bulbs or wifi mesh points. Passing a cafe doesn't seem too likely.
If you want to do advanced sensing, trying to identify a person, I would postulate you need to saturate a space with high frequency wifi traffic, ideally placed mesh points, and let the algo train on identifying people first by a certain signature (combination of size/weight, movement/gait, breath / chest movements).
Source: I worked on such technologies while at Signify (variants of this power Philips/Wiz "SpaceSense" feature).
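Added example, not part of the thread or any poster's code: a minimal RSSI-variance motion detector of the kind the comment above describes, run over constructed samples. The function name, window size, threshold factor and traces are assumptions chosen for illustration.

```python
from collections import deque
from statistics import pstdev

def detect_motion(rssi_dbm, window=8, baseline_len=16, threshold_factor=3.0):
    """Return sample indices where the windowed RSSI spread exceeds the
    empty-room spread by threshold_factor (higher factor = less sensitive)."""
    # Calibrate on the first samples, assumed to be taken with the room empty.
    floor = max(pstdev(rssi_dbm[:baseline_len]), 0.5)  # avoid a zero threshold
    threshold = threshold_factor * floor
    win = deque(maxlen=window)
    hits = []
    for i, sample in enumerate(rssi_dbm):
        win.append(sample)
        # Only score samples after calibration, once the window is full.
        if i >= baseline_len and len(win) == window and pstdev(win) > threshold:
            hits.append(i)
    return hits

# Constructed traces (dBm), one sample per received packet on a fixed link.
QUIET = [-50, -51]
PERSON = QUIET * 12 + [-50, -56, -62, -58, -49, -63, -55, -51] + QUIET * 8
PET = QUIET * 12 + [-50, -52, -51, -53, -50, -52, -51, -50] + QUIET * 8

if __name__ == "__main__":
    print("person, factor 3:", detect_motion(PERSON))
    print("pet,    factor 3:", detect_motion(PET))
    print("pet,    factor 2:", detect_motion(PET, threshold_factor=2.0))
```

Raising `threshold_factor` is the "reduce sensitivity" knob: the small disturbance drops out while the large one is still flagged.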
You are confusing it with the earlier methods. This is a similar but not the same method: it doesn't use RSSI or CSI, and it is passive.
This approach relies solely on the "unencrypted parts of legitimate traffic".
The attacker does not need to send any packets or "generate" their own traffic; they simply "listen" to the natural communication between an access point and its clients.
BFI is much more complex than simple signal strength. RSSI is an aggregation of information that the researchers describe as "not robust" for fine-grained tasks.
In contrast, BFI is a high-resolution, compressed representation of signal characteristics.
This rich data allows the system to distinguish between 197 different individuals with 99.5% accuracy, something impossible with basic RSSI.
While older CSI methods often focused on walking directly between a specific transmitter and receiver (Line-of-Sight), BFI allows a single malicious node to capture "every perspective" between the router and all its legitimate clients.
Also, CSI requires specialized hardware and custom firmware; this one doesn't, just a wifi module in monitor mode.
Thank you for adding this context on this particular research. I do see that it relies on MU-MIMO information, which does rely on more powerful WiFi infrastructure than the basic ESP32s I am referring to.
More here: https://www.theverge.com/2022/9/16/23355255/signify-wiz-spac...