RAMBO: Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM

TL;DR

This paper demonstrates a novel method for leaking sensitive data from air-gapped computers by generating and transmitting covert radio signals via RAM, which can be intercepted using software-defined radio hardware.

Contribution

The paper introduces a new attack technique that exploits memory buses to generate radio signals for data exfiltration from air-gapped systems, with detailed implementation and mitigation strategies.

Findings

Data can be leaked at 1000 bits per second.

Radio signals are generated from memory buses using malware.

Countermeasures can mitigate this covert channel.

Abstract

Air-gapped systems are physically separated from external networks, including the Internet. This isolation is achieved by keeping the air-gap computers disconnected from wired or wireless networks, preventing direct or remote communication with other devices or networks. Air-gap measures may be used in sensitive environments where security and isolation are critical to prevent private and confidential information leakage. In this paper, we present an attack allowing adversaries to leak information from air-gapped computers. We show that malware on a compromised computer can generate radio signals from memory buses (RAM). Using software-generated radio signals, malware can encode sensitive information such as files, images, keylogging, biometric information, and encryption keys. With software-defined radio (SDR) hardware, and a simple off-the-shelf antenna, an attacker can intercept transmitted raw radio signals from a distance. The signals can then be decoded and translated back into binary information. We discuss the design and implementation and present related work and evaluation results. This paper presents fast modification methods to leak data from air-gapped computers at 1000 bits per second. Finally, we propose countermeasures to mitigate this out-of-band air-gap threat.