TLDR:
- Researchers have discovered a new attack called RAMBO that can steal data from air-gapped systems.
- The attack involves manipulating RAM to generate radio signals encoded with sensitive information.
Researchers have uncovered a new cyberattack known as RAMBO, which has the capability to steal data from air-gapped systems. These isolated networks are vulnerable to this attack due to covert channels, such as electromagnetic emissions, that can be exploited by malware to exfiltrate data. The study presents a transmitter and receiver design that can manipulate RAM to encode and transmit sensitive information through radio signals. The attack was tested, showing effective data exfiltration, highlighting the need for robust countermeasures to protect air-gapped networks from such threats.
The attack model involves the transmitter modulating memory access patterns to encode data, then demodulated by the receiver using Manchester encoding for clock synchronization. The data exfiltration through electromagnetic emissions from DDR RAM was effective, with high signal-to-noise ratios and low error rates, despite limitations in high-speed transmissions. Countermeasures such as physical separation, intrusion detection systems, and memory jamming can help mitigate the RAMBO attack, but a combination of approaches is often needed for effective defense.
This covert channel attack poses a significant security risk, allowing attackers to leak various types of information at a rate of hundreds of bits per second. Countermeasures and careful consideration of security measures are crucial to protect air-gapped systems from the RAMBO attack.