RF & Wireless Security

Secure the spectrum.

Most organizations secure their networks but leave the airwaves wide open. RF and wireless attack surfaces span every frequency band — from access cards and key fobs to WiFi and proprietary industrial protocols. BFSG operators bring purpose-built hardware and deep RF expertise to find what standard assessments miss entirely.

Coverage by Technology

Specialist capability across the full RF spectrum

Sub-GHz (433 / 868 / 915 MHz)

Garage doors, key fobs, legacy alarms, IoT sensors, and industrial control systems operating on sub-gigahertz bands. Replay, jamming, and signal analysis.

Bluetooth & BLE

Bluetooth pairing weaknesses, BLE advertisement snooping, GATT service enumeration, and exploitation of improperly secured IoT and medical devices.

WiFi (WPA2 / WPA3)

Wireless network penetration testing, rogue AP detection, deauth attacks, PMKID capture, enterprise 802.1X weakness testing, and client-side attacks.

RFID & NFC

Access card cloning assessment, NFC replay vulnerability testing, and credential duplication risk evaluation for physical access control systems.

SDR-Based Analysis

Software-Defined Radio analysis for custom or proprietary protocols, aviation/maritime signal assessment, and any non-standard RF communication system.

TSCM — Technical Surveillance Countermeasures

Detection of unauthorized listening devices, hidden cameras, GPS trackers, and covert transmitters using spectrum analysis and RF detection equipment.

Assessment Methodology

Systematic spectrum analysis through controlled attack simulation

01 RF Spectrum Survey

Passive spectrum analysis across relevant frequency ranges using HackRF and professional SDR equipment. Identify all active transmitters, signal types, and anomalous emissions within scope.

02 Protocol Analysis

Capture and decode wireless communications. Identify unencrypted protocols, weak encryption implementations, replay-vulnerable systems, and cleartext credentials.

03 Active Attack Simulation

Replay attacks, signal jamming impact assessment, spoofing tests, deauthentication attacks, and protocol-specific exploitation under controlled conditions with documented authorization.

04 Physical Layer Assessment

Evaluate RFID/NFC credential systems for cloning vulnerability, assess Bluetooth pairing weaknesses, and test wireless access control for bypass techniques.

05 Documentation & Reporting

Frequency inventory, vulnerability map, attack simulation results, and hardening recommendations delivered in technical and executive formats.

Deliverables

Concrete documentation of every RF exposure found in your environment.

  • Frequency inventory — complete map of active RF assets in scope
  • Vulnerability map — identified weaknesses per technology and frequency band
  • Attack simulation results — documented proof of exploitable conditions
  • Protocol risk assessment — encryption, authentication, and replay vulnerability analysis
  • Hardening recommendations — configuration changes, hardware upgrades, monitoring guidance
  • TSCM findings report (if technical surveillance sweep is in scope)

HARDWARE CAPABILITY

Assessments are conducted using professional SDR hardware including HackRF One, Flipper Zero, Alfa adapters, and purpose-built RF tooling — not consumer equipment repurposed for security testing.

CUSTOM FIRMWARE EXPERTISE

BFSG maintains custom firmware development capability for RF research tools, enabling deeper protocol analysis and attack simulation beyond commercial tooling limitations.

Assess Your Wireless Attack Surface

RF vulnerabilities are often the easiest entry points and the last ones organizations check. Contact us to scope an RF and wireless assessment for your environment.