ESP32 Wi-Fi CSI Surveillance Defense

Comparison to Current State

new value DIFFERENT ANGLE

Current:

New: This reel introduces specific, low-cost hardware (ESP32) used for covert data collection/sensing, providing a specific example of 'unauthorized' devices that might be components of a self-hosted (or malicious) infrastructure. It shifts the focus from cost control for legitimate business functions to identifying and defending against unauthorized, low-cost hardware deployments for surveillance.

Document through-wall Wi-Fi sensing threats and build red team CSI kit plus VPS security audit capabilities.

Business Applications

MEDIUM Physical security audit for Lead Needle offices (general)

Audit VPS1/VPS2 hosting locations and dev offices for unauthorized ESP32/IoT devices capable of CSI extraction. Implement RF scanning procedures for physical security assessments.

LOW Red team reconnaissance documentation (general)

Build proof-of-concept CSI sensing kit for authorized penetration testing. Document toolchain in ~/projects/hacking/: ESP-IDF with CSI-enabled firmware, Python CSI processing scripts, and neural network training pipeline using the labelled graphs shown (Original CSI Amplitude/Phase patterns).

Implementation Levels

Social Media Play

Corrections

Clarify that 'seeing through walls' refers to blob detection/presence sensing (as shown in the green wireframe visualization), not photographic imaging.
Note that practical deployment requires site-specific calibration and cannot be done remotely with only router credentials.

Engagement Hook

Fascinating demonstration of practical RF sensing using CSI. The resolution limits and calibration requirements make this more of a targeted attack vector than mass surveillance - definitely worth auditing for in sensitive facilities.

What This Video Covers

Tech.Explain - Educational technology channel demonstrating RF hacking concepts and hardware security research

Hook: Is it true that you can see through walls with Wi-Fi signals?

Setup requires two ESP32 boards flashed with open-source firmware
One board transmits Wi-Fi signals, the other receives across dozens of subcarriers
Channel State Information (CSI) captures phase and amplitude for each subcarrier thousands of times per second
Human body (60% water) absorbs and reflects 2.4/5GHz signals, creating detectable distortions
Neural network trained on millions of CSI patterns converts signal noise into approximate body positions
Radio waves penetrate drywall, wood, and concrete up to 30 centimeters
Potential privacy threat: actors with physical device access could deploy covert surveillance

“Wi-Fi sends data across dozens of parallel frequencies called subcarriers. Each one has something called channel state information, phase, and amplitude.”

“Your body is 60% water. Water absorbs and reflects Wi-Fi signals at 2.4 and 5 gigahertz.”

“Radio waves pass through drywall, wood, and even concrete up to 30 centimeters, it can see you through walls.”

Key Insights

Analysis Notes

What it is: Wi-Fi-based passive radar using Channel State Information (CSI) extraction from ESP32 devices to perform through-wall human detection without specialized RF hardware.

How it helps us: Critical for red team assessments: enables passive occupancy detection without emitting detectable signals that trigger IDS. Useful for blue team defense: understanding attack vectors for securing sensitive areas (server rooms, dev environments). Document in ~/projects/hacking/wifi-csi-surveillance.md.

Limitations: Not applicable to lead generation or sales workflows. Requires physical hardware placement and site-specific ML model training. Resolution insufficient for identity verification (only presence/movement blob detection).

Who should see this: Security researchers, red/blue team operators, CTF participants, physical security auditors

Reality Check

⚠️ [QUESTIONABLE] "You can see through walls with Wi-Fi signals" — Conflates presence detection with visual imaging. CSI sensing detects disturbances and approximate blob positions (low resolution heatmap), not photographic imagery. Cannot identify faces or read text through walls.
Instead: Describe as 'detect human presence through walls' or 'motion tracking through walls' to accurately convey blob-detection resolution limits shown in the 3D grid visualization.

⚠️ [QUESTIONABLE] "Anyone with router access can spy on you using this technique" — Requires physical deployment of ESP32 transmitter/receiver pair within wireless range, plus trained ML model for specific environment layout. Not achievable remotely via router exploitation alone.
Instead: Clarify that this requires physical hardware placement and site-specific calibration, distinguishing it from remote network-based surveillance.

Step	Prompt	Completion	Cost
analysis	14,966	6,001	$0.0199
similarity	1,419	404	$0.0005
plan	11,225	9,261	$0.0254
Total			$0.0458