Unsupervised pre-trained models (PTMs) for radio-frequency (RF) fingerprinting face emerging threats from data-free backdoor attacks, yet existing methods require access to training data, labels, or downstream tasks. Method: This paper proposes the first protocol-agnostic PTM backdoor attack under strictly data-free, label-free, and downstream-task-inaccessible conditions. Its core innovation lies in establishing a mapping between learnable triggers and predefined output representations (PORs), integrated with feature-space trigger synthesis, POR-guided implicit backdoor training, and cross-protocol signal representation alignment—enabling end-to-end, data-free backdoor injection. Contribution/Results: Extensive experiments demonstrate attack success rates exceeding 92% across diverse RF protocols (Wi-Fi, LoRa, BLE), multiple PTMs, and downstream tasks, while evading state-of-the-art detection methods. This work breaks the conventional paradigm reliant on data access or fine-tuning, establishing a new benchmark for security evaluation of PTMs in RF systems.

While supervised deep neural networks (DNNs) have proven effective for device authentication via radio frequency (RF) fingerprinting, they are hindered by domain shift issues and the scarcity of labeled data. The success of large language models has led to increased interest in unsupervised pre-trained models (PTMs), which offer better generalization and do not require labeled datasets, potentially addressing the issues mentioned above. However, the inherent vulnerabilities of PTMs in RF fingerprinting remain insufficiently explored. In this paper, we thoroughly investigate data-free backdoor attacks on such PTMs in RF fingerprinting, focusing on a practical scenario where attackers lack access to downstream data, label information, and training processes. To realize the backdoor attack, we carefully design a set of triggers and predefined output representations (PORs) for the PTMs. By mapping triggers and PORs through backdoor training, we can implant backdoor behaviors into the PTMs, thereby introducing vulnerabilities across different downstream RF fingerprinting tasks without requiring prior knowledge. Extensive experiments demonstrate the wide applicability of our proposed attack to various input domains, protocols, and PTMs. Furthermore, we explore potential detection and defense methods, demonstrating the difficulty of fully safeguarding against our proposed backdoor attack.