web analytics

RAM Signals Expose Air-Gapped Networks to Attacks – Source: www.databreachtoday.com

ram-signals-expose-air-gapped-networks-to-attacks-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Endpoint Security
,
Hardware / Chip-level Security

RAM-Based Radio Signal Attack Allows Attackers to Exfiltrate Data

Prajeet Nair (@prajeetspeaks) •
September 10, 2024    

RAM Signals Expose Air-Gapped Networks to Attacks
Slap a Faraday cage around these motherboards to stop RAMBO attacks. (Image: Shutterstock)

A novel side-channel attack exploits radio signals emitted by random access memory in air-gapped computers, presenting a new threat to highly secure networks.

See Also: OnDemand | Protecting Devices and Software from Next-Generation Cyberthreats

Researchers from Ben-Gurion University of the Negev introduced a new technique called the RAMBO, for RAM-Based Radio Signals attack, which allows attackers to exfiltrate data from air-gapped systems using radio frequencies generated by RAM.

Air-gapped networks are physically isolated from the internet, with no wired or wireless communication channels available, making them common in sensitive environments such as military installations and critical infrastructure.

Leader researcher Mordechai Guri in newly published research demonstrated that even those environments are vulnerable to sophisticated attacks.

“Attackers can turn the very hardware inside these systems into an antenna,” Guri said. “This takes the concept of data leakage to a new level. We’re not just talking about files or passwords anymore – we’re talking about the memory of the computer itself acting as a covert communication device.”

Guri and his team developed a method to manipulate the electrical currents flowing through a computer’s memory bus, generating electromagnetic signals that could be intercepted and decoded by an attacker with the right equipment. The emissions can be modulated to represent binary data, allowing malware inside the air-gapped system to transmit sensitive information – such as encryption keys, biometric data or even entire files – to a remote receiver outside the network.

The attack is carried out in several phases, Guri said. First, the air-gapped network must be compromised, typically through physical means such as an infected USB drive or insider threat. Once malware is introduced, it infects the target machine, gaining access to the memory.

From there, the malware generates radio frequency signals by manipulating the RAM’s electrical activity. The signals can then be intercepted by an attacker using a software-defined radio receiver and a simple antenna placed within a certain range of the compromised machine.

The key innovation of the RAMBO attack is the use of RAM to produce these covert signals, a method that is difficult to detect. The RAM bus, which connects the central processing unit to memory, is constantly transferring data, generating electrical signals that generate electromagnetic interference. By carefully controlling this electrical activity, the attacker can encode data in the emitted signals.

The researchers were able to transmit data at a rate of up to 1,000 bits per second, enough to exfiltrate sensitive information relatively quickly. This is done using a modulation technique called on-off keying, where the presence or absence of a signal represents binary data.

With RAMBO, attackers no longer need to rely on traditional methods such as USB drives to extract data from air-gapped networks. As long as the target machine is running, an attacker can potentially siphon off information through the radio signals generated by its RAM.

“Imagine a scenario where sensitive government or corporate data is being exfiltrated through RAM emissions. This is no longer a hypothetical threat. It’s happening, and organizations need to prepare,” Guri said.

While the RAMBO attack poses a significant threat, Guri’s research includes potential countermeasures. One of the most effective ways to mitigate the risk is to cover sensitive machines with Faraday shielding.

This involves enclosing the computer in a metal case that blocks radio signals from escaping. Other countermeasures include restricting physical access to air-gapped machines, disabling USB ports and monitoring memory usage for suspicious activity.

“Faraday shielding can be expensive, and it’s not a practical solution for all environments. Organizations need to assess their risk and decide on the appropriate level of protection,” Guri said.

Original Post url: https://www.databreachtoday.com/ram-signals-expose-air-gapped-networks-to-attacks-a-26258

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for...
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense
Shaurya Rawal
Blockchain Security
Blockchain Security
RISK academy
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
BEST RISK MANAGEMENT PROMPTS FOR...
IGNITE Technologies
Best Alternative of Netcat
Best Alternative of Netcat
aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide
DevSecOps Guide
Attacking Rust
Attacking Rust
DevSecOps Guide
Attacking Pipeline
Attacking Pipeline
DevSecOps Guide
Attacking Golang
Attacking Golang
HADESS
Assembly for Hackers
Assembly for Hackers
BIONIC
Application Security Posture Management
Application Security Posture Management
Wallarm
API ThreatStatsTM Report
API ThreatStatsTM Report

More Latest Published Posts

ChiefExecutive
Ciberseguridad: Prioridad Estratégica para los CEO.
Ciberseguridad: Prioridad Estratégica para los CEO.
CYBER SECURITY COALITION
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
INL/EXT
Cybersecurity for Distributed Wind
Cybersecurity for Distributed Wind
ARTIC WOLF
Cybersecurity Compliance Guide
Cybersecurity Compliance Guide
ESRAA MOHAMAD
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
DRAGOS
Impact of FrostyGoop ICS Malware on Connected OT Systems
Impact of FrostyGoop ICS Malware on Connected OT Systems
Victor Tong
Digital Operational Resilience Act – Control Mappings
Digital Operational Resilience Act – Control Mappings
ARMIS
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
IGNITE Technologies
Docker Penetration Testing
Docker Penetration Testing
IGNITE Technologies
Disk Group Privilege Escalation
Disk Group Privilege Escalation
Hiral Patel
Data LossPrevention(DLP)
Data LossPrevention(DLP)
Polygon
Digital identity – Deutsche Bank Corporate Bank
Digital identity – Deutsche Bank Corporate Bank
CSA Cloud Security Alliance
The Six Pillars of DevSecOps:Collaboration andIntegration
The Six Pillars of DevSecOps:Collaboration andIntegration
ASPIRE SYSTEMS
A complete guide toImplementingDevSecOps in AWS
A complete guide toImplementingDevSecOps in AWS
GAO
CYBERSECURITY PROGRAM AUDIT GUIDE
CYBERSECURITY PROGRAM AUDIT GUIDE
Apress
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
PWC
Data Privacy Handbook
Data Privacy Handbook
CERT-EU
DDoS Overview and Response Guide
DDoS Overview and Response Guide
IGNITE Technologies
Data Exfiltration Cheat Sheet
Data Exfiltration Cheat Sheet
CRC Press
Data Privacy for the Smart Grid
Data Privacy for the Smart Grid
New York State
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats and security best practices
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Hidaia Mahmood Alassouli
Common Windows, Linux and Web Server SystemsHacking Techniques
Common Windows, Linux and Web Server SystemsHacking Techniques
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by Cigref
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0