SCADA Over Radio: Vulnerabilities in RF Links

25 Oct 2025

SCADA provides convenience at the expense of overall security.

Critical infrastructure can often be a hot issue in cyber. Not only do people have differing views and opinions on a multitude of issues, but overall, discussing the general importance of such systems can often be fraught with stress. 

Supervisory Control and Data Acquisition (SCADA) systems in particular can prove to be a controversial topic, and while they are typically discussed in a wired context, it’s less well known that SCADA systems can and do operate perfectly well over radio frequency (RF) links. Naturally, this comes with some additional security considerations, and it’s these points that we’re aiming to ponder in today’s article. 


SCADA Over RF

SCADA is typically a pretty broad term, and as such, it can be a little tricky to envisage what types of infrastructure we might see and why. To get your head around this, it’s worth taking a look at one of the internet’s coolest tools, Shodan.io, to get a feel for the types of systems we might find online. 


It’s worth taking the time to experiment here. Searching for “SCADA”, “SIEMENS PLC”, and other interesting tags will give you a slew of results. While not all of these systems will have the ability to transmit or receive data via RF, it’s still a good way to look at and learn about the types of systems we might encounter while online. 

It also gets the mind working on what might threaten these types of systems and, more importantly, how we might look at defending them. While at this point, wired systems and threats via IP tend to get most of the attention, the importance of the electromagnetic spectrum in areas like Ukraine, along with state-backed efforts to interfere with the Global Positioning System (GPS), means that this is rapidly changing. 

Now, even radiofrequency links stand to get some love too. And not always in a good way. 

Threat Assessment

Naturally, most cyber threats come via IP, and for the most part, SCADA systems are no different. However, the proliferation of cheap, software-defined radio devices like the ones we feature in Radio Hackers makes it easier than ever to intercept, identify or even duplicate RF-based signals. And from a threat perspective, this opens up a broad attack surface, particularly if you happen to be a nation-state looking to cause some trouble. 


It’s not just the now ubiquitous software-defined radio receivers that help with this either. Even a ten-year-old consumer laptop can run Linux and programs like Universal Radio Hacker, which enables us to probe deeply into a received signal and break it down entirely for investigation. There are also single-board computers like the Raspberry Pi that enable us to build off-grid systems in a small form factor that lets the whole thing work while mobile. Mr Robot, anybody?

While this sounds like a pretty complex summary, thankfully, like most cyber threats, we can break this down into digestible chunks, making it easier to manage. 

Essentially, with all this said, our threat vectors look something like this:

  1. Replay Attacks: Captured commands can be retransmitted to cause disruption.
  2. Eavesdropping: Attackers can monitor command/control messages.
  3. Protocol Weaknesses: Many SCADA protocols (like Modbus, DNP3, IEC 60870-5) were designed without encryption or authentication.
  4. Jamming/Denial of Service: Simple RF interference can knock out critical links.
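To make items 1 and 3 concrete from the receiving side, here is an added example (not code from the original article): a Modbus RTU frame carries only a CRC, so a byte-identical copy passes the same check, while a receiver that also requires a counter and an HMAC tag rejects the copy. The wrapper layout, `AuthReceiver`, `wrap`, the key and the sample frame are all assumptions constructed for this illustration.

```python
import hashlib
import hmac
import struct

def crc16_modbus(data: bytes) -> int:
    # Modbus RTU CRC-16: init 0xFFFF, reflected polynomial 0xA001.
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def rtu_frame(unit: int, function: int, payload: bytes) -> bytes:
    body = bytes([unit, function]) + payload
    return body + struct.pack("<H", crc16_modbus(body))  # CRC goes out low byte first

def plain_accepts(frame: bytes) -> bool:
    # Everything an unauthenticated RTU receiver can verify: the CRC matches.
    return len(frame) >= 4 and struct.unpack("<H", frame[-2:])[0] == crc16_modbus(frame[:-2])

def wrap(key: bytes, frame: bytes, counter: int) -> bytes:
    # Hypothetical layout: frame || 4-byte counter || HMAC-SHA256 truncated to 16 bytes.
    signed = frame + struct.pack(">I", counter)
    return signed + hmac.new(key, signed, hashlib.sha256).digest()[:16]

class AuthReceiver:
    def __init__(self, key: bytes):
        self.key, self.last_counter = key, -1

    def accepts(self, message: bytes) -> bool:
        if len(message) < 4 + 4 + 16:
            return False
        signed, tag = message[:-16], message[-16:]
        expected = hmac.new(self.key, signed, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or modified in transit
        counter = struct.unpack(">I", signed[-4:])[0]
        if counter <= self.last_counter or not plain_accepts(signed[:-4]):
            return False  # stale counter means a replayed message
        self.last_counter = counter
        return True

# Constructed sample values, not captured from any real system.
KEY = b"constructed-demo-key-not-for-use"
FRAME = rtu_frame(0x01, 0x05, bytes.fromhex("0013ff00"))  # write single coil
```

The tag gives authenticity and freshness only; the frame is still readable on the air, so eavesdropping (item 2) needs encryption on top. The receiver must also persist its last counter across restarts, or old messages become acceptable again.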


How to secure such attack vectors is outside the scope of a single blog post. However, now that we understand the types of vectors that exist, we can look at why cyber can be both exhilarating and terrifying all at the same time. 

While this is a fascinating topic to study, it also highlights how fragile some of the architecture of these systems can be.


Specialists Needed

Working with technology can be a passion. But it’s been said that there’s no quicker way to end a passion than to start being paid for it. And it’s fair to say that cybersecurity can be one of those jobs where the reality isn’t what it’s made out to be. 

If you’re tired of sitting in a security operations centre triaging alerts, but haven’t lost the passion entirely, then the idea of a course change might be kind of exciting, and it’s here where cyber shines. 

There is much more to the field than an entry-level SOC job, and the explosion of IoT-enabled devices has opened up new doors for pentesters and security specialists to ply their trade. 

The reality is that SCADA is no different. It still needs exploring, securing, and occasionally exploiting, and while AI offers much in the way of productivity benefits, the whole thing requires people to make it work as it should. People with curious minds. People with a passion. People just like you.

While some people might try to convince you that it’s to no avail if you don’t have a college degree, some of the best hackers in the world made their names by being nothing more than curious minds with a heap of tenacity. 

Some might say the best learning happens when you’re fearless in the pursuit of breaking things. For educational purposes, of course.

