The big picture: Collecting sensitive data from an air-gapped computer – that is, one that isn't connected to any network using an Ethernet cable or wirelessly – is one of the most secure methods for safeguarding a device against attacks. It's no surprise that governments, law enforcement, and other organizations use air-gapped machines to protect confidential information from unauthorized access.

As researchers from Ben-Gurion University have demonstrated time and again, however, nothing is impossible and if there's a will, there's a way.

The team's latest approach, dubbed RAMBO (short for Radiation of Air-gapped Memory Bus for Offense), involves stealing data from an air-gapped system by remotely monitoring for coded electromagnetic emissions given off by the target system's RAM.

The first step in a successful RAMBO attack is infecting the target machine with malware that's capable of manipulating RAM to generate specific radio signals. These signals are encoded in such a way that they can be received and decoded by a remote attacker in close enough proximity to the target.

Getting malware onto an air-gapped system is a challenge in itself, but it can be done through an infected USB stick or a more elaborate attack using a rogue employee or an supply chain attack. Using software-defined radio hardware and an off-the-shelf antenna, a remote attacker can capture the signals being given off by the RAM and decode them to gather a range of invaluable intelligence including passwords, biometric data, keystroke information, text files, and even small images.

While effective, you're not going to set any data transmission records using this method. In testing at various distances up to around 23 feet away, biometric information took anywhere between 10 seconds and 100 seconds to transmit while a small text file (5 kilobytes) could take up to 400 seconds. Keylogged data could be exfiltrated in realtime. The closer you are to the target, the higher the transmission speed.

The Ben-Gurion University team has been working with air-gapped computers for years, and this is just one of many novel techniques they've come up with. An earlier effort leveraged vibrations from a PC's fan to transmit data, while another involved manipulating a screen's brightness and monitoring the changes remotely via surveillance cameras.

Permalink to story:

Researchers extract data from air-gapped PC by monitoring RAM's electromagnetic radiation