Due to radiation, the contents of PC memory spread 7 meters around – and this is a security problem

Cybersecurity experts from Israel have discovered a new way to steal data from isolated computer systems. These systems, used in critical structures such as military installations, government agencies and nuclear power plants, are physically cut off from the Internet to protect against external threats. However, a new attack to intercept sensitive information, called RAMBO, uses electromagnetic radiation generated by RAM operation.

Image source: Copilot

Despite the lack of a direct connection to the Internet, writes BleepingComputer, systems with an air gap (Air-gapped) still appear to be susceptible to compromise. Attackers can inject malware through physical media, such as USB drives, or use a more complex chain of actions to establish communication with a PC. Malware embedded in a system can silently manipulate components of RAM, generating controlled electromagnetic pulses that transmit information from computers.

The data is encoded into RF signals, where “1” and “0” are represented as “on” and “off”. To increase transmission reliability and reduce errors, the Manchester code is used, which is an absolute bipulse encoding of the original binary data using a binary digital signal. A hacker can intercept these signals using low-cost software-defined radios (SDRs) and decode them back into binary code. At the same time, the data transfer rate during the RAMBO (Radiation of Air-gapped Memory Bus for Offense) attack is low and reaches 1000 bits per second (bps), which is equivalent to 0.125 KB/s. However, as the researchers note, “this is sufficient to steal small amounts of data, such as text, keystrokes, and small files.” For example, stealing a password takes between 0.1 and 1.28 seconds, while a 4096-bit RSA encrypted key takes between 4 and 42 seconds.

Image source: Arxiv.org

In turn, the data transmission range depends on the transmission speed. At maximum speed (1000 bits per second), the signal is stable at a distance of up to 3 meters, but as the distance increases, the likelihood of errors also increases. When the speed is reduced to 500 bits per second and below, the transmission range can reach 7 meters. Researchers experimented with higher speeds, but found that above 5Kbps the signal became too weak to reliably transmit information. “We found that the data rate should not exceed 5000 bits per second, otherwise the signal becomes too weak and contains a lot of noise,” the study authors report.

The published scientific work suggests several methods to protect against RAMBO attacks and other similar methods. These include enhanced physical protection, suppression of electromagnetic emissions generated by random access memory (RAM), external radio frequency interference, and the use of Faraday shielding enclosures to block electromagnetic emissions. The researchers also tested the effectiveness of the RAMBO attack on virtual machines and found that the vulnerability works even in this environment. However, the interaction of the host system’s RAM with the operating system and other virtual machines can cause the attack to fail. “Although we have shown that the RAMBO attack works in virtual environments, interaction with the host system can cause it to crash,” the researchers explain.