🤖 AI Summary
This work presents the first systematic evaluation of the practical security and deployability of the emerging IEEE 802.11az/bk Wi-Fi ranging standards at both the logical and physical layers. Through comprehensive protocol analysis, RF simulations, and real-world experiments on commercial and development hardware, the study uncovers critical vulnerabilities stemming from improper configuration, including missing authentication, downgrade attacks, and denial-of-service conditions. It further examines how waveform design choices impact spectral compliance. The findings reveal that device support is currently limited and that secure operation depends heavily on correct configuration. Based on these insights, the paper proposes practical configuration guidelines that balance security and usability, and offers concrete recommendations to vendors and standards bodies to enhance robustness and deployment feasibility.
📝 Abstract
Ranging and localisation have become critical for many applications and services. The Wi-Fi (IEEE 802.11) standard is a natural candidate for providing these functions across diverse environments, given its widespread deployment. The IEEE 802.11az amendment, finalised in 2023, introduces "Next Generation Positioning" mechanisms to secure and harden the existing insecure Wi-Fi Fine Timing Measurement (FTM) ranging solution. Moreover, the recent IEEE 802.11bk amendment increases the available bandwidth with the goal of approaching the centimetre-level ranging accuracy of ultra-wideband (UWB) systems. This paper examines to what extent these promises hold from a security and deployability perspective. We analyse the core mechanisms of secure Wi-Fi ranging as defined in IEEE 802.11az and IEEE 802.11bk at both the logical and physical layers, combining standards analysis with simulations and measurements on commercial and development hardware. At the logical layer, we show how common deployment choices can result in unauthenticated ranging, downgrade attacks, and simple denial-of-service attacks, making it difficult to securely realise many high-stakes use cases. At the physical layer, we study the predictability of secure ranging waveforms, the security impact of symbol repetition, and how waveform design choices affect compliance with spectral masks under realistic RF behaviour. Our results show that secure Wi-Fi ranging is highly sensitive to configuration choices and is non-trivial to implement on existing hardware. This is also evidenced by the currently limited support for secure Wi-Fi ranging in commodity devices. This paper provides practical guidelines for using secure FTM safely and recommendations to vendors and standardisation bodies to improve its robustness and deployability.