Human presence by Wi-Fi scanning (monitor mode). Wi-Fi surveillance

1

Hi,

I would like to take advantage of the R-Pi3 Wi-Fi capabilities to exploit passive surveillance of wireless devices, what some other could adventure to call “Human Presence Surveillance”. Please note that this is not about the “known-device presence” which is already well documented by the HA community.

Two main assumptions:

  1. Humans carry mobile phones with enabled Wi-Fi
  2. The R-Pi3 is connected to the LAN through the wired Ethernet port

The idea is to set the R-Pi3 Wi-Fi module in promiscuous mode and swipe the Wi-Fi channels searching by Wi-Fi devices.

Known limitations:

  1. Apple and some Android devices do not broadcast their real MAC address but random ones while sending advertising beacons. Still, the goal is to detect presence, not to identifying.
  2. Sweeping all 2.4GHz Wi-Fi channels searching for Wi-Fi devices advertising their presence would require —worst case, a stationary presence of three seconds. This limitation can be mitigated by adding extra Wi-Fi devices (USB) to the R-Pi.

Minimum goal:

  1. Detect presence of Wi-Fi devices on the 2.4GHz band
  2. Log all traced/detected devices
  3. Skip tracking listed known-devices

The question: do we have anything like that today for HA?

Some interesting readings:

  1. Discovering Human Presence Activities with Smartphones Using Nonintrusive Wi-Fi Sniffer Sensors: http://journals.sagepub.com/doi/full/10.1155/2013/927940

  2. Log Wi-Fi Probe Requests from Smartphones, Laptops with Probemon: https://null-byte.wonderhowto.com/how-to/log-wi-fi-probe-requests-from-smartphones-laptops-with-probemon-0176303/

  3. Getting MAC Address of Devices NOT connected in your network: https://superuser.com/questions/1281274/how-to-get-the-mac-address-and-signal-strength-of-nearby-wireless-devices

2 Likes
2

You should take a look at this link here:
https://www.internalpositioning.com/doc/passive_tracking.md

I think this does not track unkown MAC addresses but maybe its a start for you.

3

I’ve been working on custom component that utilized ‘tshark’ to capture packets for 10 seconds and save to a file. The file is then loaded and parsed to register a new device in home assistant.

My code was thrown together quickly and is definitely not in a state that I would share yet, but I may continue working on it for a public release during free time.

I started with a project called howmanypeoplearearound. This project may also be a good starting point for you since it seams to be closer to what you want to do (find all nearby devices) whereas I am more interested in tracking my own devices (and devices nearby my house).

One problem I found was that I was able to pick up over 30 SSIDs and over 300 clients in a small neighborhood (not even an apartment). Obviously you don’t want 300 new devices showing up in HA, so i had to find ways to filter it down to only track my devices and unknown devices that are within range of my house:

  • Filter out any devices that are connecting to other peoples SSID. (I don’t want to see any of my neighbors devices that are connected to their own router.
  • Ensure that MY devices (anything in known_devices.yaml) are tracked.
  • Ensure that any devices that are not mine, and that are not connected to a neighbors router will get logged in the following way:
    • Use RSSI to determine if the device is within range of your house.
      • if not within range, ignore the device for now.
      • If it is within range:
        • wait for this device to be found within range on 5 different tshark scans.
        • After being found 5 time (within range), report it to Home Assistant as a new device and start tracking the device in HA.

Hope this helps you out a bit!

4

There is also this thread (that I found only after starting to work on my custom component) that may also be of interest to you.

[AppDaemon] Presence Listening (via tshark) v1.1.0