RF Sensing Security and Malicious Exploitation: A Comprehensive Survey
Mingda Han, Huanqi Yang, Wenhao Li, Weitao Xu, Xiuzhen Cheng, Prasant Mohapatra, Pengfei Hu
TL;DR
This survey analyzes the security and privacy landscape of RF sensing systems that rely on signals such as mmWave, Wi‑Fi, LoRa, and RFID. It introduces two unified threat models, IVEM and STIM, to unify intrinsic vulnerabilities and sensing-based invasions, and provides task-specific vulnerability analyses across HAR, gesture recognition, authentication, localization, and autonomous vehicle sensing with representative case studies. The work offers a comprehensive defense taxonomy spanning physical, signal, and model layers, highlighting active and passive paradigms, and discusses the need for cross-layer, standards-driven protection for next‑generation RF sensing in 6G and ISAC contexts. By exposing both attack pathways and defense gaps, the paper emphasizes practical implications for secure deployment, including privacy-preserving sensing, intrusion detection, and cross-modal verification, while calling for standardized threat models and privacy regulations to guide future developments.
Abstract
Radio Frequency (RF) sensing technologies have experienced significant growth due to the widespread adoption of RF devices and the Internet of Things (IoT). These technologies enable numerous applications across healthcare, smart homes, industrial automation, and human-computer interaction. However, the non-intrusive and ubiquitous nature of RF sensing - combined with its environmental sensitivity and data dependency - makes these systems inherently vulnerable not only as attack targets, but also as powerful attack vectors. This survey presents a comprehensive analysis of RF sensing security, covering both system-level vulnerabilities - such as signal spoofing, adversarial perturbations, and model poisoning - and the misuse of sensing capabilities for attacks like cross-boundary surveillance, side-channel inference, and semantic privacy breaches. We propose unified threat models to structure these attack vectors and further conduct task-specific vulnerability assessments across key RF sensing applications, identifying their unique attack surfaces and risk profiles. In addition, we systematically review defense strategies across system layers and threat-specific scenarios, incorporating both active and passive paradigms to provide a structured and practical view of protection mechanisms. Compared to prior surveys, our work distinguishes itself by offering a multi-dimensional classification framework based on task type, threat vector, and sensing modality, and by providing fine-grained, scenario-driven analysis that bridges theoretical models and real-world implications. This survey aims to serve as a comprehensive reference for researchers and practitioners seeking to understand, evaluate, and secure the evolving landscape of RF sensing technologies.