A novel side-channel attack has been discovered by researchers from Ben-Gurion University of the Negev, posing a significant threat to highly secure networks. This new technique, known as the RAMBO (RAM-Based Radio Signals) attack, exploits radio signals emitted by random access memory in air-gapped computers, allowing attackers to exfiltrate sensitive data.
Air-gapped networks, which are physically isolated from the internet and have no wired or wireless communication channels, are commonly used in sensitive environments such as military installations and critical infrastructure. However, lead researcher Mordechai Guri demonstrated in newly published research that even these environments are vulnerable to sophisticated attacks like RAMBO.
The researchers found a way to manipulate the electrical currents flowing through a computer’s memory bus, generating electromagnetic signals that can be intercepted and decoded by attackers. By modulating these emissions to represent binary data, malware inside the air-gapped system can transmit sensitive information such as encryption keys, biometric data, or entire files to a remote receiver outside the network.
The attack is carried out in multiple phases, starting with compromising the air-gapped network through physical means like an infected USB drive or an insider threat. Once malware infects the target machine, it gains access to the memory and generates radio frequency signals by manipulating the RAM’s electrical activity. These signals can then be intercepted by attackers using a software-defined radio receiver and a simple antenna placed within a certain range of the compromised machine.
The key innovation of the RAMBO attack lies in using RAM to produce these covert signals, making it difficult to detect. The researchers were able to transmit data at a rate of up to 1,000 bits per second using an on-off keying (OOK) modulation technique, allowing for the quick exfiltration of sensitive information.
With RAMBO, attackers no longer need to rely on traditional methods like USB drives to extract data from air-gapped networks. As long as the target machine is operational, attackers can siphon off information through the radio signals generated by its RAM. To mitigate the risk posed by the RAMBO attack, potential countermeasures include covering sensitive machines with Faraday shielding, restricting physical access to air-gapped machines, disabling USB ports, and monitoring memory usage for suspicious activity.
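To make the "monitoring memory usage for suspicious activity" countermeasure concrete, the following is an added illustration (not code from the RAMBO paper or from the article) of what such monitoring could look for. On-off keying, the modulation the article names, spends almost all of its time at two extreme levels and switches between them at a fixed symbol rate, so a memory-activity trace driven by an OOK sender is both strongly bimodal and made of runs that are whole multiples of one symbol period. The sample rate, the 0..100 bandwidth units, the detection thresholds and both sample traces are assumptions constructed for this example; a real monitor would read hardware performance counters instead.

```python
"""Toy detector for on-off-keyed burst patterns in a memory-activity trace.

Added illustration of the "monitor memory usage" countermeasure; it is not
code from the RAMBO research. The trace format, sample rate and thresholds
are assumptions, and both sample traces are constructed below.
"""
import random
import statistics

SAMPLE_RATE_HZ = 1000      # assumed: one memory-bandwidth reading per millisecond
SAMPLES_PER_SYMBOL = 10    # constructed sender: 10 ms per bit, i.e. 100 bit/s


def constructed_trace(kind: str, n: int = 2000, seed: int = 1) -> list[float]:
    """Build a constructed bandwidth trace in arbitrary units (roughly 0..100)."""
    rng = random.Random(seed)
    if kind == "benign":
        # ordinary workload: jitter around a steady mean, never a clean on/off pattern
        return [50 + rng.gauss(0, 5) for _ in range(n)]
    # OOK-style: each bit is either a full-bandwidth burst (1) or a near-idle period (0)
    bits = [rng.randint(0, 1) for _ in range(n // SAMPLES_PER_SYMBOL)]
    trace: list[float] = []
    for bit in bits:
        level = 95.0 if bit else 5.0
        trace.extend(level + rng.gauss(0, 2) for _ in range(SAMPLES_PER_SYMBOL))
    return trace


def _run_lengths(levels: list[int]) -> list[int]:
    """Lengths of consecutive equal values in a 0/1 sequence."""
    runs, count = [], 1
    for prev, cur in zip(levels, levels[1:]):
        if cur == prev:
            count += 1
        else:
            runs.append(count)
            count = 1
    runs.append(count)
    return runs


def analyse(trace: list[float]) -> dict:
    """Score a trace for OOK-like structure and flag it if both scores are high."""
    lo, hi = min(trace), max(trace)
    span = hi - lo
    if span < 1e-9:
        # flat trace: nothing is being keyed on and off
        return {"bimodality": 0.0, "regularity": 0.0,
                "est_bits_per_s": 0.0, "suspicious": False}
    mid = (lo + hi) / 2
    # Bimodality: share of samples sitting near one of the two extremes.
    # An OOK sender keeps almost every sample there; ordinary load clusters near its mean.
    far = sum(1 for x in trace if abs(x - mid) > 0.3 * span)
    bimodality = far / len(trace)
    # Regularity: slice at the midpoint and measure run lengths of the on/off pattern.
    # With a constant symbol rate every run is a whole multiple of the symbol period.
    levels = [1 if x > mid else 0 for x in trace]
    runs = _run_lengths(levels)
    symbol_len = min(runs)                      # shortest run ~= one symbol period
    regular = sum(1 for r in runs if r % symbol_len in (0, 1, symbol_len - 1))
    regularity = regular / len(runs)            # tolerates +-1 sample of jitter
    suspicious = bimodality >= 0.8 and regularity >= 0.9   # assumed thresholds
    return {"bimodality": round(bimodality, 3),
            "regularity": round(regularity, 3),
            "est_bits_per_s": SAMPLE_RATE_HZ / symbol_len,
            "suspicious": suspicious}


if __name__ == "__main__":
    for kind in ("benign", "ook"):
        print(kind, analyse(constructed_trace(kind)))
```

The benign trace scores low on bimodality and is not flagged; the constructed OOK trace scores near 1.0 on both metrics and the estimated symbol rate recovers the sender's 100 bit/s. The point of the two-metric rule is that bursty but irregular workloads (a compiler, a database checkpoint) can be bimodal without being regular, so a production detector would tune both thresholds against real counter data rather than the constructed values used here.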
While Faraday shielding can be costly and impractical for all environments, organizations are urged to assess their risk and determine the appropriate level of protection. As Guri emphasized, the threat of data exfiltration through RAM emissions is a reality that organizations need to prepare for.
In conclusion, the RAMBO attack presents a significant challenge to air-gapped networks, highlighting the importance of implementing robust security measures to safeguard sensitive data from sophisticated cyber threats. Organizations must stay vigilant and adopt proactive security measures to mitigate the risk of data exfiltration through novel attack vectors like RAMBO.