This paper systematically uncovers security threats and malicious exploitation risks inherent in radio-frequency (RF) sensing technologies. Motivated by their dual vulnerabilities—stemming from non-intrusiveness, environmental sensitivity, and data dependency—it proposes the first three-dimensional classification framework integrating task type, threat vector, and sensing modality. This framework unifies six attack categories: signal spoofing, adversarial perturbations, model poisoning, cross-boundary surveillance, side-channel inference, and semantic privacy leakage. Through cross-layer security analysis, scenario-driven vulnerability testing, and defense efficacy evaluation, the work establishes a structured protection architecture encompassing both active and passive paradigms. The resulting methodology delivers a practical, deployable security assessment framework and hardening guidelines for RF sensing systems, thereby addressing a critical research gap in systematic threat modeling and holistic defense design for RF-based perception.

Radio Frequency (RF) sensing technologies have experienced significant growth due to the widespread adoption of RF devices and the Internet of Things (IoT). These technologies enable numerous applications across healthcare, smart homes, industrial automation, and human-computer interaction. However, the non-intrusive and ubiquitous nature of RF sensing - combined with its environmental sensitivity and data dependency - makes these systems inherently vulnerable not only as attack targets, but also as powerful attack vectors. This survey presents a comprehensive analysis of RF sensing security, covering both system-level vulnerabilities - such as signal spoofing, adversarial perturbations, and model poisoning - and the misuse of sensing capabilities for attacks like cross-boundary surveillance, side-channel inference, and semantic privacy breaches. We propose unified threat models to structure these attack vectors and further conduct task-specific vulnerability assessments across key RF sensing applications, identifying their unique attack surfaces and risk profiles. In addition, we systematically review defense strategies across system layers and threat-specific scenarios, incorporating both active and passive paradigms to provide a structured and practical view of protection mechanisms. Compared to prior surveys, our work distinguishes itself by offering a multi-dimensional classification framework based on task type, threat vector, and sensing modality, and by providing fine-grained, scenario-driven analysis that bridges theoretical models and real-world implications. This survey aims to serve as a comprehensive reference for researchers and practitioners seeking to understand, evaluate, and secure the evolving landscape of RF sensing technologies.