Spectrum-Based Security Assessment of Electric Gates Using Offensive Security Methodology
DOI:
https://doi.org/10.56294/dm2025832
Keywords:
Wireless vulnerabilities, Spectrum analysis, MAGERIT methodology, Software Defined Radio (SDR), RF security
Abstract
This study investigates the security vulnerabilities of electric gate systems when exposed to radio-frequency attacks. Three Software Defined Radio (SDR) platforms, Flipper Zero, RTL-SDR and ADALM-PLUTO, were used to evaluate seven representative real-world scenarios by applying an Offensive Security methodology. Spectrum analysis served exclusively to capture and decode RF signals; the identification of security weaknesses and the design of mitigation strategies arose from a structured risk assessment rather than from the spectrum analyzer itself. The findings demonstrate that fixed-code protocols are highly susceptible to replay attacks, whereas rolling-code implementations substantially reduce the attack surface. A quantitative risk analysis based on the CIA triad and the MAGERIT framework was performed to determine the probability and impact of successful intrusions. The results support the adoption of rolling-code protocols and regular firmware updates to strengthen RF-based access control. This work provides the first empirical assessment in the region that combines three SDR platforms with a formal CIA/MAGERIT risk model to guide manufacturers, installers and end users in improving the security of electric gate systems.
License
Copyright (c) 2025 Smith Francisco Tandayamo-Valencia, Fabián Cuzme-Rodríguez, Luis Suárez-Zambrano, Edgar Jaramillo-Vinueza, Jorge Benalcázar-Gómez (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.
The article is distributed under the Creative Commons Attribution 4.0 License. Unless otherwise stated, associated published material is distributed under the same licence.
