A team of Israeli university researchers from Ben Gurion University, led my Mordechai Guri, has developed a way for an air-gapped computer to transmit data wirelessly using the electromagnetic transmissions emitted by its RAM sticks, reports BleepingComputer. An air-gapped PC is a computer that is not connected to any network — whether ethernet, Wi-Fi, Bluetooth, or any other form of remote data connection. Theoretically, this would make it next to impossible to get data from that device without the attacker gaining physical access to it.
However, Guri and their team have found a way to exploit the weakness of every electronic computer — its electromagnetic transmissions — to exfiltrate data without a wired or wireless connection. This type of attack, called RAMBO or Radiation of Air-gapped Memory Bus for Offense, is executed by installing malware on the target PC. It will then run an On-Off Keying (OOK) attack, which will surreptitiously switch signals rapidly within the RAM.
Since electronic devices (like the RAM sticks) always emit radio frequency signals, no matter how minute, the attacker could then intercept the back-and-forth switching of radio signals coming from the RAM through a Software-Defined Radio and record it as binary information.
In tests, RAMBO could only move data at around 128 bytes per second (0.125 KB/s), which is rather slow (around 450 kilobytes per hour) compared to the massive amounts of data we casually transmit today. However, it could still be useful for stealing text files, keystrokes, passwords, and even small, low-resolution images.
Since this type of attack isn’t monitored by most security products, there would be no way to detect it if it’s happening. The hardest part for nay attacker would be to install the malware on the air-gapped system. Most likely some kind of social engineering technique, like a dropped USB stick would be used. That may sound improbable but it was the suspected attack vector used in the Stuxnet attacks against Iran.
Once the targeted computer has been affected, the attacker needs to be nearby to record the radio frequency (RF) emissions. The receiving device should be at most three meters (or 10 feet) away from the target for fast and real-time transmissions. On the other hand, medium-speed transmissions work up to 4.5 meters (or 15 feet), and slow transmissions are viable up to seven meters or 23 feet away.
While the attacker needs to have a nearby receiver to gather the RF data from its target, espionage agencies have time and again proven their skill of infiltrating even the most secure places to place data-gathering devices.
This isn’t the first time that Guri has developed novel and unusual ways to exfiltrate data. Their team has developed cyberattacks that targeted PSUs, monitor brightness, PC fan vibrations, and even the SATA cable. However, the sophistication required for this attack means that the average computer user would likely be unaffected. After all, the resources involved with RAMBO would likely not make it worth it for stealing credit card or social security numbers. But if you’re a government entity using an air-gapped PC to control your country’s nuclear missiles, then you better watch out.
