This work uncovers a novel security vulnerability in radio frequency fingerprinting (RFF) under collusive co-malicious attacks: adversaries, synchronized with the receiver, precisely replicate legitimate transmitters’ RF characteristics to achieve cross-channel and cross-environment identity spoofing. To this end, we propose the first collusion-driven RF-level mimicry attack framework. It leverages structural properties of centralized log-power spectra for modeling and introduces a forged-signal generation network integrating a variational autoencoder with a multi-objective loss function, effectively emulating channel impairments including AWGN, multipath fading, and Doppler shift. Experiments demonstrate attack success rates exceeding 95% across diverse channel conditions. Our findings systematically expose fundamental defense deficiencies in existing RFF systems designed to be robust against channel variations, thereby establishing a new paradigm for RFF security evaluation and hardening.

Radio frequency fingerprint (RFF) is a promising device identification technology, with recent research shifting from robustness to security due to growing concerns over vulnerabilities. To date, while the security of RFF against basic spoofing such as MAC address tampering has been validated, its resilience to advanced mimicry remains unknown. To address this gap, we propose a collusion-driven impersonation attack that achieves RF-level mimicry, successfully breaking RFF identification systems across diverse environments. Specifically, the attacker synchronizes with a colluding receiver to match the centralized logarithmic power spectrum (CLPS) of the legitimate transmitter; once the colluder deems the CLPS identical, the victim receiver will also accept the forged fingerprint, completing RF-level spoofing. Given that the distribution of CLPS features is relatively concentrated and has a clear underlying structure, we design a spoofed signal generation network that integrates a variational autoencoder (VAE) with a multi-objective loss function to enhance the similarity and deceptive capability of the generated samples. We carry out extensive simulations, validating cross-channel attacks in environments that incorporate standard channel variations including additive white Gaussian noise (AWGN), multipath fading, and Doppler shift. The results indicate that the proposed attack scheme essentially maintains a success rate of over 95% under different channel conditions, revealing the effectiveness of this attack.