Radio Frequency Security and OPSEC
Updated: Dec 15, 2022
RF Transmissions are Inherently Insecure
Many organizations rely heavily on Radio Frequency (RF) transmissions to conduct daily operations. Chris Risley from Security Magazine says: "[RF protocols] may have security protocols, but they don’t have the battle-hardening to properly identify and mitigate radio-borne threats. Traditional security products ignore RF protocols in the air and wait for issues to show up as symptoms on the wired network."
Listening in isn't discouraged
RF transmissions used in publicly usable ranges can be intercepted and "heard" by anyone in listening distance. Furthermore, the Federal Communications Commission (FCC) lists "Mere interception of radio communications, such as overhearing your neighbor’s conversation over a cordless telephone" and "divulgence of transmissions by amateur radio or citizen band radio operators" as legal.
Hacking Industrial Controllers is Easy
“An attacker can just be within the range of a construction site, pretend to be a bystander, hide a battery-powered, coin-sized device (with an inexpensive radio transceiver at that), and use it remotely to craft arbitrary packets to control an industrial machine or persistently simulate a malfunction" (CBR Staff Writer, 2019). This is a considerable risk since organizations can't stop people outside the property. A person on the ground with a two-way radio can transmit around 4 to 6 miles away (Intercom System and Wireless Intercom Experts, 2020).
All data that is transmitted through the air should be treated as compromised. Act as if the world is listening when your data is flying through the open air. Because of the inherent insecurity of RF, lack of legal discouragement, and the ability to easily compromise devices at long range, they very much could be! Since an attacker can piece together business operations one by one and use them to unleash the gambit of attacks, operational security (OPSEC) is important. Be mindful when you transmit information over the airwaves. Never forget, loose lips sink ships!
CBR Staff Writer. (2019, January 15). Hacking Industrial Controllers is Child’s Play, Can be Done by Drone. Tech Monitor. https://techmonitor.ai/techonology/cybersecurity/hacking-industrial-radio-frequencies
Federal Communications Commission. (2021, January 13). Interception and divulgence of radio communications. https://www.fcc.gov/consumers/guides/interception-and-divulgence-radio-communications
Intercom System and Wireless Intercom Experts. (2020, August 13). 2-Way radio range: How far can two-way radios communicate. https://www.intercomsonline.com/2-way-radio-range-how-far-can-two-way-radios-communicate
Risley, C. (2020, July 6). Radio frequency: An airborne threat to corporate and government networks. Security Magazine. https://www.securitymagazine.com/articles/92729-radio-frequency-an-airbone-threat-to-corporate-and-government-networks