A new type of attack called the RAM-Based Radio Signals attack, or RAMBO, has been developed by researchers at Ben-Gurion University of the Negev. This attack exploits radio signals emitted by random access memory (RAM) in air-gapped computers, posing a significant threat to highly secure networks that are physically isolated from the internet.
Air-gapped networks, commonly found in sensitive environments like military installations and critical infrastructure, are vulnerable to sophisticated attacks like RAMBO. This attack allows attackers to exfiltrate data from these systems using radio frequencies generated by the computer’s RAM. The RAM’s electrical activity can be manipulated to generate electromagnetic signals that encode sensitive information, such as encryption keys and biometric data, which can then be intercepted and decoded by an attacker.
The RAMBO attack is carried out in several phases, starting with the compromise of the air-gapped network through physical means like infected USB drives or insider threats. Once malware is introduced, it gains access to the memory and manipulates the RAM’s electrical activity to generate radio frequency signals. These signals can be intercepted by an attacker using a software-defined radio receiver and a simple antenna, allowing for the exfiltration of data from the compromised machine.
One of the key advantages of the RAMBO attack is its ability to transmit data at a rate of up to 1,000 bits per second, making it a fast and effective method for extracting sensitive information. Traditional methods like USB drives are no longer necessary, as attackers can now rely on the covert signals generated by the computer’s RAM to exfiltrate data.
To mitigate the risk of RAMBO attacks, researchers recommend covering sensitive machines with Faraday shielding, which blocks radio signals from escaping. Other countermeasures include restricting physical access to air-gapped machines, disabling USB ports, and monitoring memory usage for suspicious activity. While Faraday shielding may be expensive, organizations must assess their risk and determine the appropriate level of protection needed to safeguard their sensitive data from these types of attacks.
