Researchers have recently introduced a novel side-channel attack called “RAMBO” (Radiation of Air-gapped Memory Bus for Offense), which targets air-gapped computers by exploiting electromagnetic radiation emitted from a device’s RAM. Air-gapped systems are designed to be isolated from external networks to enhance security and prevent data breaches. However, RAMBO demonstrates that even these highly secure environments are vulnerable to data exfiltration through advanced techniques. By manipulating memory access patterns to generate controlled electromagnetic emissions, RAMBO can transmit sensitive information without being detected by conventional security measures.
The RAMBO attack operates by planting malware on an air-gapped computer to gather and prepare data for transmission. This malware modulates the RAM’s memory access patterns, generating radio signals that encode the data into binary form. The emitted signals are then captured by a relatively inexpensive Software-Defined Radio (SDR) equipped with an antenna. The use of On-Off Keying (OOK) modulation, along with Manchester encoding for error detection, allows the data to be transmitted reliably even with a 2-4% bit error rate over short distances.
Performance tests show that RAMBO can achieve data transfer rates of up to 1,000 bits per second (bps), translating to approximately 128 bytes per second. While this rate makes RAMBO suitable for stealing small amounts of data, such as text or keystrokes, it would take several hours to exfiltrate larger files, like images or encryption keys. The effective range of the attack varies based on transmission speed, with fast transmissions working up to 3 meters and slow transmissions reaching up to 7 meters. Despite its limitations, RAMBO presents a significant threat to air-gapped systems, highlighting the need for robust security measures.
To counteract the RAMBO attack and similar electromagnetic-based threats, researchers recommend several mitigation strategies. These include enhancing physical security through strict zone restrictions, implementing RAM jamming to disrupt the attack at the source, and using external electromagnetic jamming to interfere with radio signals. Additionally, Faraday enclosures can block electromagnetic radiation from emanating outside the air-gapped system. While these measures introduce additional overhead, they are crucial for protecting sensitive environments from advanced covert attacks.
Reference:
