WiFi Signals Reveal Human Activities Through Walls by Mapping Body Keypoints

There are serious security and surveillance concerns because π RuView, a new open-source edge AI system, is transforming standard WiFi infrastructure into a through-wall human-sensing platform that can detect body pose, vital signs, and movement patterns without the need for a single camera This article explores wifi densepose sensing. . Researchers and developers have long theorized that ambient radio signals could be weaponized for passive surveillance.

The code for that theory is now ready for production. RuView, created by developer Reuven Cohen and accessible on GitHub, uses WiFi DensePose, a sensing method first developed by Carnegie Mellon University, as a useful, inexpensive edge system that uses only common WiFi signals to reconstruct full-body human poses through walls. The Attack Surface's Operation Fundamentally, the system optimizes signal transmission by taking advantage of Channel State Information (CSI) metadata that WiFi hardware already gathers.

Signal paths across dozens of OFDM subcarriers are distorted when a human body moves in a wireless environment. RuView's signal processing pipeline uses Rust to record these disruptions at 54,000 frames per second. It then uses a modified DensePose-RCNN deep learning architecture taken from computer vision to extract amplitude and phase variations.

The end product is a real-time reconstruction of 24 body surface regions, including the arms, torso, head, and joints, mapped to UV coordinates that replicate what a camera would see but are solely based on radio frequency signals. Vital sign extraction occurs in parallel: heart rate (40–120 BPM) is detected by 0.8–2.0 Hz filtering, while breathing (6–30 BPM) is captured by bandpass filtering at 0.1–0.5 Hz.

Find out more about malware Platform for threat intelligence Protection against data breaches The hardware barrier, or its near absence, is the most concerning aspect of security. RuView creates a multistatic sensor mesh using ESP32 microcontroller nodes, which cost about $1 apiece. With no reliance on the cloud, four to six nodes combine more than twelve overlapping signal paths to provide 360-degree room coverage with sub-inch accuracy.

Through-wall detection uses multipath modeling and Fresnel zone geometry to reach a depth of up to five meters. The system, a persistent field model that can also identify attempts at signal spoofing, learns the RF "fingerprint" of each room over time and then subtracts the static environment to isolate human motion. The latency for detecting presence is less than one millisecond.

Passive WiFi CSI sensing is invisible and doesn't require physical access to the target environment, in contrast to cameras, which are subject to GDPR, CCPA, and physical installation regulations. According to legal analysis, "it's quite difficult to ask pedestrians for permission in advance," and when sensing is passive, consent frameworks completely fall apart. WiFi tracking identifiers are already considered personal data under GDPR, but CSI-based body pose extraction operates in a regulatory gray area with no clear controls.

The attack scenario is simple: a threat actor installs RuView via Docker (docker pull ruvnet/wifi-densepose:latest), plants a $5 ESP32 node in a building's common area or close to a WiFi access point, and starts silently mapping occupants' movements, routines, and even biometric vitals through walls.

Passive RF sensing should be viewed by security teams as a new physical-layer threat vector. RF shielding in sensitive facilities, keeping an eye out for rogue ESP32-class devices on network segments, and pushing for legislative frameworks that expand surveillance law to include CSI-based human tracking before technology completely outpaces policy are examples of mitigations. X, LinkedIn, and X for daily updates on cybersecurity.

To have your stories featured, get in touch with us.