Your WiFi router does more than connect you to the internet. The radio waves it sends are bouncing off everything in your room, including you. And those reflections contain a surprising amount of information.

This is called CSI sensing, and it is quietly becoming a big deal in security, smart homes, and healthcare.

What is CSI?

CSI stands for Channel State Information. When WiFi signals travel from your router to your phone, they dont go in a straight line. They bounce off walls, furniture, and people. This is called multipath propagation.

Modern WiFi (802.11n and newer) divides its channel into many subcarriers. For each one, the system measures amplitude (signal strength) and phase (timing). This data is CSI.

Here is why this matters: when a person moves through a room, they disturb these signal paths. The human body contains a lot of water, which affects radio waves significantly. This disturbance shows up in CSI data as measurable changes.

So if you can read CSI data and analyze it properly, you can detect human presence and movement without any cameras or sensors on the person.

How it actually works

Think about throwing a stone in a pond. The ripples spread out and reflect off the edges. If someone walks through the water, the ripple pattern changes in a predictable way.

WiFi signals work similarly. There are regions between transmitter and receiver called Fresnel zones where signals interfere with each other. When you walk through these zones, you cause phase shifts that can be detected.

The processing pipeline looks like this:

First you collect raw CSI data from WiFi hardware. Then you clean it up, remove noise, fix phase errors. After that you extract features like variance, frequency components, correlation patterns. Finally you feed this into a classifier, could be SVM, could be a neural network like LSTM or CNN.

Recent papers from 2024 and 2025 report accuracy rates above 99% for activity recognition on standard datasets. Real world performance is lower, but still impressive.

What can you do with this?

Detecting people

The most basic application. Is someone in the room or not? This works even through walls, which is something cameras cannot do. You dont need line of sight.

Activity recognition

With good training data, you can distinguish walking from sitting from falling. This is useful for elderly care. If grandma falls and doesnt get up, the system can alert someone. No wearable device needed.

Vital signs

This one surprised me when I first learned about it. When you breathe, your chest moves a few millimeters. This tiny movement creates detectable changes in CSI. Researchers have demonstrated breathing rate detection and even heart rate estimation in controlled conditions.

Intrusion detection

This is where it gets interesting from a security perspective. Traditional motion sensors have problems. They have blind spots. They can be fooled if you move slowly enough. They need to be installed and maintained.

CSI based intrusion detection uses your existing WiFi infrastructure. It can detect slow, careful movement that would fool a PIR sensor. It works through walls. The intruder cannot see where the sensors are because there are no sensors, just your router.

Systems like Wi-Alarm have shown reliable detection of various intrusion patterns in research settings.

Counting people

You can estimate how many people are in a room. Useful for building management, energy savings, or compliance with occupancy limits.

How to Get Started – Technical Implementation

The cheapest way to experiment with CSI sensing is an ESP32 microcontroller. Espressif provides an official esp-csi toolkit on GitHub. You flash the firmware, connect the ESP32 to your WiFi network, and it starts outputting raw CSI data over serial. The data includes amplitude and phase for each subcarrier, typically 52 values per packet at 100-200 packets per second. From there you pipe it into Python for processing. Basic presence detection works by calculating variance across subcarriers. When someone moves, variance spikes. When the room is empty, it stays flat. You can get this working in an afternoon.

For better results you need better hardware. Raspberry Pi 4 with Nexmon firmware gives you access to CSI from the Broadcom WiFi chip. More subcarriers, cleaner phase data, higher sample rates. The setup is more involved, you need to patch the firmware and compile kernel modules, but there is good documentation. Intel 5300 NIC is the classic research platform with the most published code to reference, but requires an older laptop with mini PCIe slot. Once you have data flowing, the processing pipeline is standard: denoise with a low-pass filter or PCA, extract features like variance, entropy, dominant frequency from FFT, then train a classifier. Start with SVM for binary presence detection before moving to LSTM or CNN for activity recognition. Scikit-learn and PyTorch both work fine. The main challenge is not the code, it is collecting good training data for your specific environment.

Law enforcement and intelligence use

This is not just academic research. Government agencies are already using this technology operationally.

The US Department of Homeland Security has been developing through-wall sensing systems for years. Their latest project, DePLife (Detect Presence of Life), was developed with MIT Lincoln Lab. In 2024, six law enforcement agencies across California, Texas and South Carolina conducted field assessments of the technology. The system uses radar on WiFi frequencies to detect human presence through walls, showing results on a mobile app.

Israeli company Camero-Tech makes the Xaver series, which is already deployed by military and police units worldwide. Their XLR80 model can detect people through concrete walls from over 100 meters away. It shows real-time position, movement direction, and can even detect breathing of stationary targets.

MaXentric sells the Detex Pro to US law enforcement for around 6000 dollars. It is compact enough to lean against a wall and streams results to a smartphone. Police have used similar devices in hostage situations and warrant services.

The Range-R is another device in active use by US police departments. It can detect movement and breathing through standard building materials.

What makes WiFi CSI interesting is that you do not need specialized military hardware. The same physics works with commercial routers and cheap microcontrollers. The difference is range and reliability, but the basic capability is accessible to anyone.

The security angle

I work in cybersecurity, so I see two sides here.

On one hand, CSI sensing is a powerful tool. You can monitor spaces without visible cameras, which some people prefer for privacy. It works in darkness. It is hard to detect or jam. It uses infrastructure you already have.

On the other hand, the same capabilities create risks. If an attacker has access to your WiFi network, they could potentially monitor your activities. Research has shown CSI can be used to infer keystrokes, identify individuals by their gait, and build activity profiles.

This is not theoretical. The technology exists in commercial products and government hands. Whether it becomes a widespread threat depends on how aware people are and how we design systems going forward.

Getting started practically

If you want to experiment with this, you have options at different price points.

The cheapest is ESP32, around 5 euros. Espressif provides official CSI tools and it is relatively easy to get started. The data quality is moderate but enough for presence detection.

Raspberry Pi with Nexmon firmware is maybe 50 euros total. Better CSI quality, more flexibility, but requires more setup.

Intel 5300 NIC is the classic research platform. Good data quality, lots of existing code and papers to reference. You need a compatible laptop though.

For software, check out the ESP-CSI repository from Espressif, or the Linux CSI Tool for Intel hardware.

A good first project is simple presence detection. Binary classification, room empty versus occupied. Once that works, you can try activity classification or multi-room setups.

Limitations

I should be honest about the challenges.

Environment sensitivity is the big one. A model trained in your living room probably wont work in your office without retraining. Even moving furniture can break things. This is an active research area but not solved.

Hardware support varies. Not every WiFi chipset exposes CSI data. Consumer routers usually dont. You need specific hardware or firmware modifications.

Multi-person scenarios are hard. When two people are moving, separating their contributions to the signal is complicated.

Real-time processing needs decent hardware. If you want to run neural networks on CSI data continuously, you need computing power.

Where this is going

WiFi 7 is coming with wider channels, which means more subcarriers and finer resolution. Some enterprise vendors like Huawei already ship access points with built-in CSI sensing for smart building applications.

I expect we will see more commercial products in the next few years. The question is whether security and privacy considerations keep pace with the capabilities.

Final thoughts

The WiFi signals in your home carry more information than most people realize. This technology is real, it is improving, and it has both positive and concerning applications.

For security professionals, it is worth understanding. For everyone else, it is worth being aware that walls dont provide as much privacy as you might think.