Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceProfiles in ExcellencePhysical Security

Radio frequency: An airborne threat to corporate and government networks

Radio frequency espionage is a growing concern for cybersecurity, and this trend is bound to continue.

By Chris Risley
SEC0720-5G-Feat-slide1_900px
SEC0720-5G-slide2_900px
SEC0720-5G-Feat-slide1_900px
SEC0720-5G-slide2_900px
July 6, 2020

As the government is committed to securing the nation from cyberattacks and as enterprises proactively protect their corporation from cybercriminals, there looms a silent and stealthy threat: radio frequency (RF) espionage.

The threat of RF attacks to our nation and to the enterprise has never been greater with devices running on various networks across the wireless spectrum. These devices present major risks because wireless communications are a blind spot.

 

The Hidden RF Dangers

According to the annual Ericsson report, there are more than 22 billion connected devices – 15 billions of these devices contain radios – making them targets for an RF breach. Nations and enterprises are more at risk of a radio-based attack than ever before. Forty years later, we’ve become pretty good at securing the wired Ethernet. Somehow our confidence in wired Ethernet has magically transferred into confidence with Wi-Fi, Bluetooth, Bluetooth Low Energy, Zigbee and Cellular.

But these RF protocols are all newer and each brings its own vulnerabilities. They may have security protocols, but they don’t have the battle-hardening to properly identify and mitigate radio-borne threats. Traditional security products ignore RF protocols in the air and wait for issues to show up as symptoms on the wired network. Corporations and governments can’t counteract what they can’t detect. Vulnerable wireless and cellular devices are currently masquerading as everyday devices inside government facilities and in enterprises. These rogue devices can include building controls, cell phones, medical devices, printers, security cameras, smart TVs and more.

For instance, a company iPad connected to a network can also be tethered to a cell phone via Bluetooth and that same cell phone can be covertly connected to a server in China where hackers are analyzing the exfiltrated data to access sensitive company and customer information.

 

Beware: Obscurity is Not Security

When 156 emergency sirens in Dallas, Texas were compromised via an RF attack in 2017, they screamed a warning notice about the vulnerable radio-controlled national infrastructure. Systems which use radio controls (not just emergency siren systems) are often vulnerable to invisible radio attacks. The Dallas incident revealed how just vulnerable cities are.

The vendors and purchasers for the siren systems in Dallas potentially thought they had security through obscurity, because they had their own special network and dedicated radio protocol. What they didn’t have was true encryption. An attacker could record the commands sent out every week for the two-minute siren test and play them back in the middle of the night to terrify a major city. Radio hacking tools and computing technology is faster, more accessible and cheaper than ever. This enables hackers the opportunity to research, find and exploit any weaknesses that exist.

 

Where Vulnerabilities Lie

RF vulnerabilities most often aren’t due to flaws in operating systems and applications. These flaws often reside in the firmware of communications chips, which are trade secrets not open to public inspection. An attack on them bypasses not just network firewalls, but many forms of detection. The vulnerable devices are often simple, produced by the billions and found in IoT, in wearables and in the gadgets we use. Many manufacturers have a tendency to pay more attention to low-cost solutions rather than proven security measures.

The knowledge surrounding these vulnerabilities is widespread. While nation-states used to use hidden “bugs” on obscure frequencies, most are employing cellular, Bluetooth, BLE and Wi-Fi for spying these days since many of these signals are bouncing around everywhere – even in the most secure areas – making it easy for spy radios to be disguised in the traffic. With wireless devices playing a growing role in data communications, vulnerabilities based in RF communications are a growing concern for cybersecurity, and this trend is bound to continue.

 

Recognizing Malicious RF Threats

As the avalanche of wireless devices increases, the attacks will grow increasingly common. The IoT has resulted in the development of 100 new RF protocols, each optimized for a particular class of devices. Because new wireless protocols are also relatively untested, they are frequently insecure, leaving an entry point for hacks. A network’s airspace is susceptible to RF threats because it is invisible to corporate security teams.

There are multiple examples of radio-based device threats published in the last two years, including SweynTooth, BleedingBit, BlueBorne, KeySniffer, MouseJack, Philips Hue and Zigbee Worm. These SweynTooth vulnerabilities alone affect billions of Bluetooth Low Energy (BLE) chips in wearables, heart monitors and wireless keyboards and more. Very few CISOs even know how many BLE devices are in their facility. SweynTooth may be prevented by bringing all BLE devices up to the post-SweynTooth firmware for that device. However, if you don’t know the devices are there, you certainly haven’t updated their firmware.

The recent SweynTooth vulnerability discovered in early 2020 is particularly alarming because it highlights the difficulty of locating BLE devices in corporate networks. For instance, when BLE devices pair with other devices, the devices stop advertising their existence (that means that most BLE devices are invisible in corporate settings). SweynTooth allows attackers to leverage radio to sidestep security and take control of or shut down BLE devices. Once hackers have a compromised device inside a corporate network, the attackers can use the device as an entry point to infiltrate other systems to mine for company secrets and sensitive data. Notably, company devices or personal gadgets can be compromised outside the facility, i.e. at a coffee shop frequented by employees for example. Then, they are carried back into the facility by an unknowing employee to be used as a beachhead for attackers to extract data.

 

Securing the Radio Space: RF Security Recommendations

Corporations can safeguard their intellectual property and sensitive data by assessing what devices are operating in their radio space and whether the traffic is encrypted or not.

So how should organizations be preparing? Here are essential steps for enterprises to protect their business from an RF hack:

  1. Take control of your airspace: Obtain visibility into devices that use: cellular, Wi-Fi, Bluetooth and BLE. Locating every radio emitter provides situational awareness into devices in an enterprise’s network. This also lets you bring firmware up to date.
  2. Evaluate RF technology: Assessing RF security solutions will be vital in preserving company secrets. As security teams examine RF products in the market, considering a checklist of capabilities should include solutions that can detect, analyze, alert and accurately locate cellular devices in corporate airspaces in real time.
  3. Deploy RF solutions: Proactively equipping an organization with RF security technology will future-proof an enterprise from an RF breach. Adopting RF solutions that constantly monitor and detect the transmissions of devices in the wireless spectrum will combat nefarious attacks.

There’s widespread recognition of sophisticated RF threats and espionage, but there’s been limited adoption and enforcement of security policies to protect an organization’s valuable assets from an airborne attack. Maintaining secure businesses and deploying RF monitoring technology will be pivotal for corporations to fend off malicious airborne threats.

KEYWORDS: critical infrastructure cyber security information security Internet of Things (IoT) risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Chris Risley is a contributing writer and CEO of Bastille Networks. He has more than 25 years of software experience, during which he has led nine venture-backed startups.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • drones freepik

    Uncovering the legality and security of radio frequency based drone detection systems – 5 questions to ask technology providers

    See More
  • airport

    Enhance security at mass transit hubs with radio frequency technology

    See More
  • SEC0219-data-Feat-slide1_900px

    How to protect ERP data when access to corporate networks is both ubiquitous and for sale on the dark web

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • A Leaders Guide Book Cover_Nicholson_29Sept2023.jpg

    A Leader’s Guide to Evaluating an Executive Protection Program

  • Security of Information and Communication Networks

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing