RF Cyber Range: Building Communication Scenarios Using Software-Defined Radio for Radio Frequency Vulnerability Analysis
Abstract
The 433 MHz frequency band is widely used by low-cost wireless devices such as sensors and alarm systems, but it often lacks robust security mechanisms. This work proposes the construction of communication scenarios for vulnerability analysis in RF devices using software-defined radios (SDR). The methodology combines scientometric analysis, a survey of vulnerabilities from CVE databases, and both simulated and practical experiments using GNU Radio and RTL-SDR. The results demonstrate the feasibility of attacks such as jamming and replay, highlighting the risks associated with the absence of authentication and encryption in these devices. Results highlight the need for RF security and validate SDR for vulnerability testing.
Published
2025-09-01
How to Cite
ARAÚJO, Patrícia R.; BORTOLOTO, Raul G. O.; FARIA, Décio R. M.; GOMES, Otávio S. M. RF Cyber Range: Building Communication Scenarios Using Software-Defined Radio for Radio Frequency Vulnerability Analysis. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 757-773. DOI: https://doi.org/10.5753/sbseg.2025.11485.
