This approach relies solely on the "unencrypted parts of legitimate traffic". The attacker does not need to send any packets or "generate" their own traffic; they simply "listen" to the natural communication between an access point and its clients.
BFI is much more complex than simple signal strength. RSSI is an aggregation of information that the researchers describe as "not robust" for fine-grained tasks In contrast, BFI is a high-resolution, compressed representation of signal characteristics. This rich data allows the system to distinguish between 197 different individuals with 99.5% accuracy, something impossible with basic RSSI.
While older CSI methods often focused on walking directly between a specific transmitter and receiver (Line-of-Sight), BFI allows a single malicious node to capture "every perspective" between the router and all its legitimate clients.
Also CSI requires specialized hardware and custom firmware, this one isn't, just wifi module in monitor mode.