An open-source project called RuView can reconstruct human body poses through walls using Wi-Fi signals. The tool, built by developer Reuven Cohen (GitHub handle ruvnet), hit the top of GitHub Trending in late February 2026 and accumulated 31,700 stars and 4,200 forks. A full sensor network runs on four to six ESP32-S3 microcontrollers that cost $9 each, putting the total hardware bill at $54.
CSI (Channel State Information) is the key to the system. Unlike standard signal strength readings (RSSI), CSI captures amplitude and phase across 56 subcarriers per Wi-Fi channel. RuView fuses three channels (1, 6, 11) into 168 virtual subcarriers and feeds the data to a neural network that maps signal distortions to 17 body keypoints in the COCO format (a standard skeleton model used in computer vision) and 24 body surface regions from Meta's DensePose framework.
Related: CVE roundup March 9. UltraVNC DLL hijack, Tiandy surveillance flaws, and a flood of PHP noise
The Rust-based processing pipeline handles 54,000 frames per second, according to the project's documentation. Through drywall or wood walls, a single ESP32-S3 node senses movement at up to five meters. A mesh of three to six nodes extends that range to eight meters and tracks three to five people simultaneously. The system can detect breathing at 6 to 30 breaths per minute and heart rate from 40 to 120 beats per minute.
Carnegie Mellon University laid the scientific foundation. Researchers Jiaqi Geng, Dong Huang, and Fernando De la Torre published "DensePose From WiFi" on arXiv (2301.00250) in December 2022. Their neural network achieved an Average Precision of 87.2 at an IoU threshold of 50%, which the authors described as "comparable to image-based approaches, using only Wi-Fi signals as input." The paper has 25 citations on Semantic Scholar.
Related: Signal and WhatsApp accounts hijacked in phishing campaign targeting officials and journalists
MIT demonstrated a related concept called RF-Pose in 2018, but that system required specialized radio hardware. RuView is the first open-source implementation to run on $9 commodity chips with a Docker container that launches in 30 seconds.
Despite the hype, some reviewers of the code suggested that the repository appears to be more conceptual than functional.
Independent verification is incomplete. The project's README states that full pose estimation requires CSI-capable hardware, and consumer Wi-Fi laptops expose only RSSI, not CSI. Community testing (documented in GitHub Issues #34 and #36) confirmed the system works on Windows 10 build 26200 with an Intel Wi-Fi 6 AX201 adapter, but only for coarse presence detection and motion classification. Skeleton-level tracking requires the ESP32-S3 hardware and has not been independently verified outside the developer's own tests and the original CMU research environment.
GBHackers and Cyber Security News flagged the dual-use risk on March 9, 2026. RuView's intended applications include elderly fall detection, patient monitoring without cameras, and search-and-rescue in smoke-filled buildings. The same capabilities allow covert surveillance through walls without physical entry.
A $9 ESP32-S3 module planted near a building could map occupant movements remotely. Guard patrol patterns, room occupancy, and daily routines become visible through walls. WPA3 encryption does not help because the system reads the physical layer (how waves scatter off bodies), not packet contents.
Detection is difficult. Passive CSI listeners do not transmit traffic and do not appear in network logs. GBHackers noted that existing data protection frameworks like GDPR may not cover this type of sensing because it captures body position without collecting direct personal identifiers such as names or IP addresses. No regulatory body has published guidance specific to CSI-based human tracking.
Countermeasures are limited and mostly physical. RF shielding (metal mesh, specialized wall coatings) can block Wi-Fi signals from leaking through walls in sensitive areas such as server rooms, executive offices, and meeting rooms. Organizations can scan for unauthorized ESP32-class devices near their perimeter. Randomizing CSI data at the router level has been proposed in academic literature but is not available in any commercial router firmware as of March 2026.
Have a story? Become a contributor.
We work with independent researchers and cybersecurity professionals. Send us a tip or submit your article for editorial review.
