Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
Scientists from the University of Israel have developed a new method of cyberattack, dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense). This method allows attackers to transmit data from computers isolated from the network through electromagnetic radiation that occurs during the operation of RAM.
Systems located in critical sectors such as government agencies, nuclear power plants and military systems usually use the so-called Air Gap to ensure the highest level of safety. Air gap systems are not connected to the internet or other networks, which minimizes the risks of malware infection and data breaches. However, even such systems can be attacked if malware is introduced physically, such as through USB drives or as a result of sophisticated supply chain attacks.
The RAMBO method allows an attacker to use the RAM of an infected computer to transmit classified information. Malware installed on an isolated system creates certain memory read and write patterns that generate controlled electromagnetic emissions. Signals can be intercepted using relatively inexpensive radios with an antenna.
In a RAMBO attack, data is encoded into a binary format — "1" and "0", where one is represented as turning on the signal, and zero is represented as turning it off. To improve the accuracy of transmission, the Manchester code is used, which ensures signal synchronization and minimizes errors.
The data transfer rate using the RAMBO method reaches 1000 bits per second, which is equivalent to 128 bytes per second. This doesn't allow you to transfer large amounts of data, but it's enough to steal text information, passwords, RSA keys, and small files. For example, it takes only 0.1 to 1.28 seconds to steal a password, and 25 to 250 seconds to transfer an image.
The transmission distance depends on the speed of the signal and the quality of reception. At maximum speed, data can be transmitted up to 1 meter with minimal error, at medium speed up to 1.5 meters, and at low speeds, when there are virtually no errors, data can be transmitted up to 7 meters. Attempts to increase the speed to 10,000 bits per second led to a significant deterioration in the signal-to-noise ratio, which made data transmission inefficient.
To protect against the RAMBO attack, the researchers proposed several ways. Among them are the physical restriction of access to isolated systems, the use of signal jamming systems in RAM, external devices for jamming radio signals, and the installation of Faraday cages that prevent electromagnetic radiation from escaping outside the protected area.
It is worth noting that the RAMBO attack remains effective even in virtualized environments. Although the interaction between the host and the virtual machines can disrupt the stability of the transfer, the technique still proves to work in such conditions.
Source
Systems located in critical sectors such as government agencies, nuclear power plants and military systems usually use the so-called Air Gap to ensure the highest level of safety. Air gap systems are not connected to the internet or other networks, which minimizes the risks of malware infection and data breaches. However, even such systems can be attacked if malware is introduced physically, such as through USB drives or as a result of sophisticated supply chain attacks.
The RAMBO method allows an attacker to use the RAM of an infected computer to transmit classified information. Malware installed on an isolated system creates certain memory read and write patterns that generate controlled electromagnetic emissions. Signals can be intercepted using relatively inexpensive radios with an antenna.
In a RAMBO attack, data is encoded into a binary format — "1" and "0", where one is represented as turning on the signal, and zero is represented as turning it off. To improve the accuracy of transmission, the Manchester code is used, which ensures signal synchronization and minimizes errors.
The data transfer rate using the RAMBO method reaches 1000 bits per second, which is equivalent to 128 bytes per second. This doesn't allow you to transfer large amounts of data, but it's enough to steal text information, passwords, RSA keys, and small files. For example, it takes only 0.1 to 1.28 seconds to steal a password, and 25 to 250 seconds to transfer an image.
The transmission distance depends on the speed of the signal and the quality of reception. At maximum speed, data can be transmitted up to 1 meter with minimal error, at medium speed up to 1.5 meters, and at low speeds, when there are virtually no errors, data can be transmitted up to 7 meters. Attempts to increase the speed to 10,000 bits per second led to a significant deterioration in the signal-to-noise ratio, which made data transmission inefficient.
To protect against the RAMBO attack, the researchers proposed several ways. Among them are the physical restriction of access to isolated systems, the use of signal jamming systems in RAM, external devices for jamming radio signals, and the installation of Faraday cages that prevent electromagnetic radiation from escaping outside the protected area.
It is worth noting that the RAMBO attack remains effective even in virtualized environments. Although the interaction between the host and the virtual machines can disrupt the stability of the transfer, the technique still proves to work in such conditions.
Source
