Abstract
Air-gapped systems are physically separated from external networks, including the Internet. This isolation is achieved by keeping the air-gap computers disconnected from wired or wireless networks, preventing direct or remote communication with other devices or networks. Air-gap measures may be used in sensitive environments where security and isolation are critical to prevent private and confidential information leakage.
In this paper, we present an attack allowing adversaries to leak information from air-gapped computers. We show that malware on a compromised computer can generate radio signals from memory buses (RAM). Using software-generated radio signals, malware can encode sensitive information such as files, images, keylogging, biometric information, and encryption keys. With software-defined radio (SDR) hardware, and a simple off-the-shelf antenna, an attacker can intercept transmitted raw radio signals from a distance. The signals can then be decoded and translated back into binary information. We discuss the design and implementation and present related work and evaluation results. This paper presents fast modification methods to leak data from air-gapped computers at 1000 bits per second. Finally, we propose countermeasures to mitigate this out-of-band air-gap threat.
Air-gap research page: http://www.covertchannels.com.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Guri, M. (2024). RAMBO: Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM. In: Fritsch, L., Hassan, I., Paintsil, E. (eds) Secure IT Systems. NordSec 2023. Lecture Notes in Computer Science, vol 14324. Springer, Cham. https://doi.org/10.1007/978-3-031-47748-5_9
DOI: https://doi.org/10.1007/978-3-031-47748-5_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-47747-8
Online ISBN: 978-3-031-47748-5
eBook Packages: Computer Science, Computer Science (R0)