RAMBO steals secrets: RAM radiation can transmit data to attackers

Published by Andrii Rusanov

Governments and other institutions often use systems without network access. The RAMBO method, however, allows data to be transmitted from such a system's RAM to the outside.

According to a report by Dr. Mordechai Guri, a researcher at Ben-Gurion University of the Negev in Israel, isolated systems are not protected from external threats. The researcher used a computer’s RAM to generate a radio signal and transmit data using it. He called this attack RAMBO (Radiation of Air-gapped Memory Bus for Offense).

«Malicious software on a compromised computer can generate radio signals from the memory bus (RAM). Using the radio signals generated by the software, the malware can encode sensitive information such as files, images, keyboard logs, biometric information, and encryption keys. Using software-defined radio (SDR) hardware and a simple off-the-shelf antenna, an attacker can intercept transmitted raw radio signals at a distance of», — writes Mordechai Guri.

Theoretically, this method could be used by external attackers to intercept and steal sensitive data without internet access or physical access to the system. The bandwidth achieved in the experiments was 1000 bits per second, meaning that it would take almost 100 days to transfer 1 GB of data. However, an attacker would still need to infect the target computer with malware to create such a radio transmitter.

«When data is transferred over the RAM bus, it involves rapid changes in voltage and current, mainly on the data bus. These voltage fluctuations create electromagnetic fields that can radiate electromagnetic energy through electromagnetic interference (EMI) or radio frequency interference (RFI)», — the article says.

Using a computer with a 3.6 GHz Intel Core i7 processor and 16 GB of RAM running at 2.133-2.400 GHz, Guri demonstrated that small files can be transferred in about 400 seconds over a distance of 7 meters. This is enough bandwidth to run a real-time keylogger. Shorter distances would result in higher speeds.

The publication suggests some measures to counteract such attacks: zone restrictions, host intrusion detection systems, external electromagnetic spectrum monitoring, memory blocking, radio suppression, and Faraday cages.

Source: Cybernews