Cybersecurity researchers have discovered a technique to steal data from isolated computers using RAM’s electromagnetic signals.
A group of cybersecurity researchers from Ben-Gurion University of the Negev, Israel, has uncovered a fascinating yet concerning method to extract sensitive data from highly secure systems.
This innovative technique is dubbed RAMBO (Radiation of Air-gapped Memory Bus for Offense), and it takes advantage of the electromagnetic emissions generated by a computer’s RAM (Random Access Memory) during its operations.
What is an Air-Gapped System?
An air-gapped computer is a device that is disconnected from any network, including the internet, to safeguard critical information.
These systems are typically used in environments where maximum security is required, such as military bases, government agencies, and financial institutions.
Even if malware were somehow introduced into the system, such as via a USB drive, the isolated nature of air-gapped computers would make it difficult to transmit data outside the system. However, the RAMBO attack gives such malware a way to send data out without any network connection.
How Does the RAMBO Attack Work?
The RAMBO attack exploits the electromagnetic radiation emitted by the RAM while the computer is in use.
Malware planted on the air-gapped system can manipulate the RAM to send out electromagnetic signals, which are then picked up by a nearby receiver. This receiver would need to be relatively close to the target computer for the attack to succeed.
While the method is ingenious, it comes with certain limitations. One major drawback is the extremely slow transfer rate. According to the researchers, it would take more than two hours to exfiltrate just 1 megabyte of data, making it impractical for large files or databases.
However, this approach could still be highly effective for stealing small pieces of sensitive information, such as passwords, keystrokes, or other low-volume data.
How to Protect Air-Gapped Systems from RAMBO Attacks
Even though RAMBO might seem like something straight out of a spy movie, there are some practical ways to defend against it. The most effective measure is to ensure that unauthorized personnel are kept far from air-gapped systems.
Since the attacker needs to be physically close to the target device, limiting access to the area around such critical systems can reduce the risk significantly. Also, using special shielding for sensitive systems to block electromagnetic emissions could add an extra layer of security.