Defeating CSI obfuscation mechanisms: A study on unauthorized Wi-Fi Sensing in wireless sensor network

The proliferation of Wi-Fi sensing technology has raised significant privacy concerns due to potential unauthorized environmental monitoring. As a typical countermeasure, the Channel State Information (CSI) fuzzer uses a time-varying filter at the transmitter to obfuscate CSI, allowing only legitimate receiver who has the pre-shared filter parameters as keys to restore the original CSI. In this work, we present SnoopFi, a framework enabling unauthorized reconstruction of environment-matching sensing signals from obfuscated CSI, even with limited training samples. SnoopFi acquires accurate raw CSI when attackers exploit security vulnerabilities to obtain keys. It can also generate a new base signal that reflect the physical environment for sensing when the attackers’ capabilities are limited. SnoopFi employs two strategies to negate the filter’s effects: (1) The attacker first attempts to guess the keys, and then it inverts the filter by modeling the nonlinear relationship between the filter’s response and the keys; (2) With multiple receiving antennas, the attacker utilizes the ratio of CSIs between different antennas to wipe off the filter effect. Once the obfuscation is removed, SnoopFi uses a few-shot learning technique for precise sensing of user localization with constrained training samples. The experimental results show that SnoopFi achieves localization accuracies of 91.79% and 92.05% under the two strategies, respectively, with an average of only 18 samples per class.