A newly discovered cyberattack method, called RAMBO (Radiation of Air-gapped Memory Bus for Offense), uses radio signals emitted from a computer’s RAM to steal sensitive information from air-gapped networks—computers that are isolated from the internet.
The attack, discovered by Dr. Mordechai Guri at Ben-Gurion University, allows malware to manipulate a computer’s RAM to generate radio signals, which can be intercepted by a nearby attacker using simple radio equipment.
The RAMBO technique can extract data such as files, keystrokes, biometric information, and encryption keys from an air-gapped system by encoding the data into the emitted radio signals. The attacker can then capture and decode these signals to retrieve the stolen information.
However, for this method to work, the system must first be infected with malware, which typically requires physical access or the use of compromised USB drives.
“Malware on a compromised computer can generate radio signals from memory buses (RAM),” explained Dr. Guri. “Using software-generated radio signals, malware can encode sensitive information such as files, images, keylogging, biometric information, and encryption keys. With software-defined radio (SDR) hardware, and a simple off-the-shelf antenna, an attacker can intercept transmitted raw radio signals from a distance.”
Although the transmission rate is relatively slow – around 1,000 bits per second, meaning downloading 1GB of data would take several months – the method is still capable of extracting small files and sensitive data.
The research highlights potential countermeasures, such as using a Faraday cage, an enclosure made of conductive material that blocks external electromagnetic fields, preventing radio signals or electromagnetic radiation from passing through.
Source: The Hacker News, Cybernews
September 10, 2024 – by Tony Bitzionis