Adrian Johnson
TLDR:
RAMBO attack leverages radio signals from a device’s RAM to exfiltrate data from air-gapped networks. Dr. Mordechai Guri has developed various methods to extract data from offline networks. The attack requires prior compromise of the air-gapped network through other means. Countermeasures include enforcing zone restrictions, using intrusion detection systems, monitoring memory access, and using Faraday cages.
Article:
A novel side-channel attack named RAMBO (Radiation of Air-gapped Memory Bus for Offense) has been discovered, utilizing radio signals emitted by a device’s RAM to steal data from air-gapped networks. Dr. Mordechai Guri, head of the Offensive Cyber Research Lab at Ben Gurion University, developed this attack as part of his ongoing research into extracting data from offline networks. The attack involves encoding sensitive information such as files and keystrokes into software-generated radio signals, which can be intercepted and decoded by attackers using off-the-shelf antenna and SDR hardware.
Dr. Guri has previously demonstrated various methods for data exfiltration from air-gapped networks, including leveraging Serial ATA cables, MEMS gyroscope, LEDs on network cards, and power consumption. These attacks require the initial compromise of the air-gapped network through methods like rogue insiders or supply chain attacks. RAMBO manipulates RAM to generate radio signals at clock frequencies, encoding data using Manchester encoding for transmission and interception by attackers.
The attack can exfiltrate data in real-time, including keystrokes, documents, and biometric information, from computers with specific specifications. Countermeasures to mitigate this attack include red-black zone restrictions, intrusion detection systems, memory access monitoring, radio jammers, and Faraday cages.
Overall, RAMBO represents a significant threat to air-gapped networks, highlighting the need for robust security measures to protect against sophisticated data exfiltration techniques like this.
