Radio Frequency Security Risks in Low-Cost IoT Applications: Replay Attack Analysis and Mitigation in the 315/433 MHz Band


Creative Commons License

Yıldırım H., Gönen S., Barışkan M. A., Karacayılmaz G., Taştan A. N., Yılmaz E. N.

International Conference on Mathematics and Mathematics Education (ICMME-2025), İstanbul, Türkiye, 11 - 13 September 2025, p. 101, (Abstract Paper)

  • Publication Type: Conference Paper / Abstract Paper
  • City of Publication: İstanbul
  • Country of Publication: Türkiye
  • Pages: p. 101
  • İstanbul Gelişim Üniversitesi Affiliated: Yes

Abstract

The rapid proliferation of low-cost Internet of Things (IoT) devices has introduced significant security challenges, particularly in wireless communication protocols operating on unlicensed frequency bands. This study experimentally investigates the vulnerability of IoT systems using fixed-code transmission in the 315 MHz and 433 MHz frequency bands. A custom-built transmitter-receiver setup, combined with a HackRF One software-defined radio and GNU Radio, was used to capture and replay signals in a controlled environment. Results revealed that replay attacks achieved a 100% success rate, as the receiving devices lacked encryption, authentication, or frequency-hopping mechanisms. Specifically, captured signals, when retransmitted with identical parameters, were consistently accepted as legitimate, enabling full unauthorized control over the target system. During tests, an average of 50 replayed transmissions per trial was performed, all of which bypassed the system without detection. These findings confirm that the absence of rolling codes and lightweight cryptographic schemes in low-cost IoT devices creates exploitable vulnerabilities. Comparative analysis with existing literature highlights similar outcomes in consumer IoT environments such as garage door openers and smart home systems, where simple software-defined radio attacks compromise operational integrity. To address these vulnerabilities, this study proposes the integration of rolling code algorithms, AES-based lightweight encryption, frequency-hopping spread spectrum techniques, and basic authentication protocols. The results emphasize the urgency of adopting “security by design” principles in IoT device development. Without implementing such measures, even inexpensive tools can execute replay attacks that compromise device functionality and user safety.
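To make the proposed mitigation concrete, the following added example (not part of the study or its test setup) models a fixed-code receiver next to a rolling-code receiver that binds each frame to a monotonic counter and an authentication tag, and shows why an identical retransmitted frame is accepted by the former and rejected by the latter. It assumes a 9-byte frame header (device id, counter, command), a 16-frame forward window for lost transmissions, and a truncated HMAC-SHA256 tag standing in for the AES-based lightweight MAC the abstract proposes; the key and frame values are constructed for the demo.

```python
import hashlib
import hmac
import struct

KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed demo key

class FixedCodeReceiver:
    """Models the fixed-code devices in the study: any frame equal to the
    stored code is accepted, so a captured frame replays indefinitely."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, frame: bytes) -> bool:
        return frame == self.code

class RollingCodeTransmitter:
    def __init__(self, key: bytes, device_id: int, counter: int = 0):
        self.key, self.device_id, self.counter = key, device_id, counter
    def send(self, command: int) -> bytes:
        self.counter += 1  # counter is never reused, so no two frames match
        header = struct.pack(">IIB", self.device_id, self.counter, command)
        tag = hmac.new(self.key, header, hashlib.sha256).digest()[:8]  # stand-in for AES-CMAC
        return header + tag

class RollingCodeReceiver:
    WINDOW = 16  # how far ahead the counter may jump to tolerate lost frames
    def __init__(self, key: bytes, device_id: int, last_counter: int = 0):
        self.key, self.device_id, self.last_counter = key, device_id, last_counter
    def accept(self, frame: bytes) -> bool:
        if len(frame) != 17:
            return False
        header, tag = frame[:9], frame[9:]
        dev, ctr, _cmd = struct.unpack(">IIB", header)
        if dev != self.device_id:
            return False
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or tampered frame: tag does not verify
        if not self.last_counter < ctr <= self.last_counter + self.WINDOW:
            return False  # stale counter (replay) or implausibly far ahead
        self.last_counter = ctr  # advance only after both checks pass
        return True

def demo():
    """Returns (fixed_replay_ok, first_ok, replay_ok, after_loss_ok, tampered_ok)."""
    fixed = FixedCodeReceiver(b"\xa5\x5a\x0f")
    fixed_replay_ok = fixed.accept(b"\xa5\x5a\x0f") and fixed.accept(b"\xa5\x5a\x0f")
    tx, rx = RollingCodeTransmitter(KEY, 0x1234), RollingCodeReceiver(KEY, 0x1234)
    frame = tx.send(0x01)
    first_ok, replay_ok = rx.accept(frame), rx.accept(frame)  # second call replays the same bytes
    for _ in range(3):
        tx.send(0x01)  # frames lost over the air; receiver never sees them
    after_loss_ok = rx.accept(tx.send(0x01))  # still inside the forward window
    fresh = bytearray(tx.send(0x01)); fresh[8] ^= 0x02  # flip a command bit
    return fixed_replay_ok, first_ok, replay_ok, after_loss_ok, rx.accept(bytes(fresh))
```

The `demo()` call returns `(True, True, False, True, False)`: the fixed-code receiver accepts the replay, while the rolling-code receiver rejects both the replayed frame and the tampered one but still tolerates lost frames.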