RAMBO attack uses RAM in air-gapped computers to steal data

Cybersecurity researchers from Ben-Gurion University of the Negev, Israel, came up with a very James Bond-esque way to steal sensitive files from air-gapped systems.

The method is dubbed RAMBO (short for Radiation of Air-gapped Memory Bus for Offense) because it abuses the target computer’s RAM memory to steal data, taking advantage of the electromagnetic radiation the memory generates while operating.

An air-gapped system is disconnected from the wider network, and the internet. This is a (relatively) extreme measure reserved only for the most critical of systems, holding the most important data. So, even if a user inadvertently introduces a piece of malware (for example, via a compromised USB device), the malware would still have no way of transmitting the data to the outside world (other than copying the files directly onto the said USB, which is an entirely different beast).

Defending air-gapped systems

However, in this scenario, the malware would tamper with RAM components to allow for a recipient, which needs to be standing relatively close, to exfiltrate sensitive data.

The large caveat is still the fact that a person would need to stand relatively close. Another caveat is that the file transfer done this way is relatively slow. Don’t expect to be stealing any large files or databases, since it takes more than two hours to download 1 megabyte of information (for the fossils among you - author included - that’s slower than dial-up).

The method could still be used to steal keystrokes, passwords, or other data that doesn’t take up too much space.

The best way to defend against these things is simply not to let people near valuable endpoints, the experts conclude.

Via BleepingComputer

More from TechRadar Pro



from TechRadar - All the latest technology news https://ift.tt/RUzfLdw

Post a Comment

0 Comments