From 1s & 0s to Wobbly Lines: The Radio Frequency (RF) Security Starter Guide

Although radio frequency (RF) communications are increasingly essential to modern wireless networking and IoT, the security of RF is notoriously lax.

It's almost impossible to think about modern IT and networking without bringing radio frequency (RF) energy into the picture. That means it's equally impossible to fully consider IT security without thinking about the implications of radio as both a Layer 1 component and a critical attack vector.

The problem for most IT and security professionals is that RF is all wibbly-wobbly and squishy. Rather than the neat, clean, on/off, one/zero of the digital domain, radio tends to be described in terms of frequencies and amplitudes, reflection and refraction, all of which are measured and described in the analog domain.

So for security professionals, the questions become: why should they take the time to learn about this mysterious transmission layer, and where do they begin?

The Why

"Radio has changed how corporate networks interact with the Internet, meaning that almost all devices that employees bring into the office are communicating through the airwaves," says Joseph Carson, chief security scientist at Thycotic. And in addition to the IT uses of RF, there are IoT and OT uses as well as application uses in areas like public service and communications between locations and employees.

It's that variety of ways in which RF can be used that makes it important for security professionals to understand something of the basics of radio. "In the past, it was all about how to get an RJ45 connection to a network. Today, it is all about intercepting radio signals such as Bluetooth, Wi-Fi, 4G, and now 5G," says Carson.

The Danger

Once transmitted into space, a radio signal can be intercepted by anyone with a receiver tuned to the proper frequency. Building or buying a receiver for just about any frequency is easy, and new technology is making it even easier.

As Carson says, "The biggest challenge is that most radio signals are not encrypted, and with a good software-defined radio, you can easily intercept most RFs — such as airport communications, device broadcasts, weather stations, satellites, and even emergency communication."

Researchers have already demonstrated how RF exploits could be used to manipulate cardiac implants, heavy construction machinery, emergency alert sirens, in-flight aircraft, and much more.

Dangers are amplified when users expect radio communications to be private. "The attackers are exploiting a social expectation," says Fausto Oliveira, principal security architect at Acceptto. "People nowadays expect that public places provide wireless connectivity, and the attackers take advantage of that expectation."

The What

There's no question that communicating over Wi-Fi's radio link is hazardous.

"The best ways to stay protected against this type of threat are to use trusted VPN software to ensure that all your connectivity is encrypted," Oliveira says. "Do not connect to Wi-Fi access points that you do not recognize. Look at the content that is being presented when an access point requests your personal data, and if you spot inconsistencies or the level of detail being requested makes you feel uncomfortable, disconnect from that network."

The real danger is that similar risks can exist on other RF networks that may not have the same defensive possibilities that have been built into and bolted onto Wi-Fi. In these application-specific, IoT, OT, or cellular data network instances, knowing what the radio signals themselves bring to the infrastructure can be the key to understanding which security steps will be most effective.

So what should an infosec professional know about RF? Before launching into a brief explanation, some caution is in order.

"Radio frequency analysis and security is a complex topic that intersects several fields of information security, information theory, physics, and electrical engineering," says Charles Ragland, security engineer at Digital Shadows.

The combination of complexity and analog nature makes certain measurements and descriptions far more intricate operations than they are in the more straightforward digital realm. What follows are basics, with places to go to find richer explanations of the details.

There are two fundamental measurements of RF and a handful of very important ones. The two fundamentals are frequency and amplitude, and they tell us a lot about what's going on.

Frequency, measured in hertz, is the number of times the signal oscillates (goes from peak to peak) in one second. In radio applications, frequencies can range from very low (3 kHz, or 3,000 oscillations per second) to very high (30 GHz, or 3 billion oscillations per second, which is the highest frequency seen in most cases, though the radio spectrum extends up to 300 GHz).

Frequency is important because signals of different frequencies interact with their environment in different ways (on the whole, lower-frequency signals pass through solid walls more easily) and because more information can be sent in one second of a higher-frequency signal than in one second of a lower-frequency signal.

Amplitude tells us how powerful the signal is — basically, how high the peaks are. Amplitude is important because it can have a profound impact on how far from its source a signal can be received, which environments it can survive, and the impact the signal has on objects in its environment.

There are other terms that are frequently used in RF descriptions. Wavelength is related to frequency: The lower the frequency, the farther apart the peaks are in space. For example, the wavelength of 60 kHz is around 3,000 miles, while the wavelength of 2.4 GHz (the frequency of 802.11b Wi-Fi and microwave ovens) is a bit less than 5 inches. This, as you might expect, has a profound impact on antennae for each.
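To make the frequency-to-wavelength relationship concrete, here is an added example (not code from the article) that parses frequencies written the way the article writes them, computes the free-space wavelength lambda = c / f, and derives an idealised quarter-wave antenna element length, which is why antenna size tracks frequency so closely. It assumes free-space propagation (velocity factor of 1) and no end-effect correction on the element length.

```python
import re

C = 299_792_458.0  # speed of light in free space, metres per second

# SI prefixes accepted in frequency strings such as "60 kHz" or "2.4GHz"
_PREFIX = {"": 1.0, "k": 1e3, "M": 1e6, "G": 1e9, "T": 1e12}


def parse_frequency_hz(text: str) -> float:
    """Turn a human-readable frequency ('2.4 GHz', '60kHz') into hertz."""
    m = re.fullmatch(r"\s*([0-9]*\.?[0-9]+)\s*([kMGT]?)Hz\s*", text)
    if not m:
        raise ValueError(f"unrecognised frequency: {text!r}")
    return float(m.group(1)) * _PREFIX[m.group(2)]


def wavelength_m(freq_hz: float) -> float:
    """Free-space wavelength, lambda = c / f (velocity factor of 1 assumed)."""
    if freq_hz <= 0:
        raise ValueError("frequency must be positive")
    return C / freq_hz


def describe(text: str) -> dict:
    """Wavelength in several units plus an idealised quarter-wave element
    length (no end-effect shortening applied)."""
    f = parse_frequency_hz(text)
    lam = wavelength_m(f)
    return {
        "frequency_hz": f,
        "wavelength_m": lam,
        "wavelength_in": lam / 0.0254,    # 1 inch = 0.0254 m exactly
        "wavelength_mi": lam / 1609.344,  # 1 mile = 1609.344 m exactly
        "quarter_wave_m": lam / 4.0,      # idealised quarter-wave element
    }


if __name__ == "__main__":
    # Frequencies named in the article; the results are computed, not quoted
    for label in ("60 kHz", "2.4 GHz", "5 GHz", "30 GHz"):
        d = describe(label)
        print(f"{label:>8}: wavelength {d['wavelength_m']:.4g} m "
              f"({d['wavelength_in']:.3g} in, {d['wavelength_mi']:.3g} mi), "
              f"quarter-wave element {d['quarter_wave_m']:.3g} m")
```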

Radio signals are polarized. They can be vertical, horizontal, or circular, and each is useful for different circumstances. Put in simplest terms, if the receiving antenna is in the same orientation as the transmitting antenna, the signal will tend to be received more clearly.

And then there are terms around the fact that radio signals bounce, bend, and refract through different materials and environments. These characteristics can explain why a radio signal is not being received where you hope, is being received where it shouldn't be, and can be received by those who shouldn't receive it.

The More

Ragland has a list of online resources he uses to help people learn about different aspects of RF communications. "Airheads forums are a great place to find tidbits of knowledge, including presentations covering the fundamentals of wireless networking," he says, noting the forum is run by, and tends to focus on, Aruba networking products.

To figure out which devices use which frequencies, he recommends the Signal Identification Wiki. In addition to basic data, he says, "Information found here, along with some easy-to-purchase USB adapters, can lead to all kinds of fun, like using your computer to open and close your garage door."

And for those who want to build or buy low-cost receivers to sniff RF in different circumstances, he recommends three sites:

"The future of hacking is without a doubt going to be about listening to the airwaves and capturing them," Carson says. The time to learn about them is now.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ...
