SpringerLink
Log in

RAMBO: Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM

  • Conference paper
  • First Online:
Secure IT Systems (NordSec 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14324))

Included in the following conference series:

Abstract

Air-gapped systems are physically separated from external networks, including the Internet. This isolation is achieved by kee** the air-gap computers disconnected from wired or wireless networks, preventing direct or remote communication with other devices or networks. Air-gap measures may be used in sensitive environments where security and isolation are critical to prevent private and confidential information leakage.

In this paper, we present an attack allowing adversaries to leak information from air-gapped computers. We show that malware on a compromised computer can generate radio signals from memory buses (RAM). Using software-generated radio signals, malware can encode sensitive information such as files, images, keylogging, biometric information, and encryption keys. With software-defined radio (SDR) hardware, and a simple off-the-shelf antenna, an attacker can intercept transmitted raw radio signals from a distance. The signals can then be decoded and translated back into binary information. We discuss the design and implementation and present related work and evaluation results. This paper presents fast modification methods to leak data from air-gapped computers at 1000 bits per second. Finally, we propose countermeasures to mitigate this out-of-band air-gap threat.

Air-gap research page: http://www.covertchannels.com.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Albrecht, J.P.: How the GDPR will change the world. Eur. Data Prot. L. Rev. 2, 287 (2016)

    Google Scholar 

  2. Guri, M., Elovici, Y.: Bridgeware: the air-gap malware. Commun. ACM 61(4), 74–82 (2018)

    Article  Google Scholar 

  3. Guri, M.: Usbculprit: USB-borne air-gap malware. In: European Interdisciplinary Cybersecurity Conference, pp. 7–13 (2021)

    Google Scholar 

  4. Chen, T.M., Abu-Nimeh, S.: Lessons from stuxnet. Computer 44(4), 91–93 (2011)

    Google Scholar 

  5. Gostev, A.: Agent. btz: a source of inspiration? SecureList 12(3) (2014)

    Google Scholar 

  6. Dorais-Joncas, A., Munõz, F.: Jum** the air gap (2021)

    Google Scholar 

  7. Cabaj, K., Caviglione, L., Mazurczyk, W., Wendzel, S., Woodward, A., Zander, S.: The new threats of information hiding: the road ahead. IT Prof. 20(3), 31–39 (2018)

    Article  Google Scholar 

  8. Caviglione, L.: Trends and challenges in network covert channels countermeasures. Appl. Sci. 11(4), 1641 (2021)

    Article  Google Scholar 

  9. Guri, M., Kachlon, A., Hasson, O., Kedma, G., Mirsky, Y., Elovici, Y.: GSMem: data exfiltration from air-gapped computers over GSM frequencies. In: USENIX Security Symposium, pp. 849–864 (2015)

    Google Scholar 

  10. Guri, M., Kedma, G., Kachlon, A., Elovici, Y.: Airhopper: bridging the air-gap between isolated networks and mobile phones using radio frequencies. In: Malicious and Unwanted Software: The Americas (MALWARE), 2014 9th International Conference on, pp. 58–67. IEEE (2014)

    Google Scholar 

  11. Shen, C., Liu, T., Huang, J., Tan, R.: When LoRa meets EMR: electromagnetic covert channels can be super resilient. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1304–1317. IEEE (2021)

    Google Scholar 

  12. Guri, M., Zadov, B., Bykhovsky, D., Elovici, Y.: Ctrl-alt-led: leaking data from air-gapped computers via keyboard leds. In: 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 801–810. IEEE (2019)

    Google Scholar 

  13. Guri, M., Solewicz, Y., Elovici, Y.: Fansmitter: acoustic data exfiltration from air-gapped computers via fans noise. Comput. Secur. 101721 (2020)

    Google Scholar 

  14. Guri, M.: GPU-FAN: leaking sensitive data from air-gapped machines via covert noise from GPU fans. In: Reiser, H.P., Kyas, M. (eds.) Secure IT Systems. NordSec 2022. LNCS, vol. 13700, pp. 194–211. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22295-5_11

  15. Guri, M., Monitz, M., Mirski, Y., Elovici, Y.: Bitwhisper: covert signaling channel between air-gapped computers using thermal manipulations. In: Computer Security Foundations Symposium (CSF), 2015 IEEE 28th, pp. 276–289. IEEE (2015)

    Google Scholar 

  16. Guri, M.: Exfiltrating data from air-gapped computers via vibrations. Futur. Gener. Comput. Syst. 122, 69–81 (2021)

    Article  Google Scholar 

  17. Air gapped networks: A false sense of security? - sentinelone. https://www.sentinelone.com/blog/air-gapped-networks-a-false-sense-of-security/. Accessed 14 July 2023

  18. Beating the air-gap: How attackers can gain access to supposedly isolated systems | energy central. https://energycentral.com/c/iu/beating-air-gap-how-attackers-can-gain-access-supposedly-isolated-systems. Accessed 05 Apr 2023

  19. Kaspersky uncovers malware for targeted data exfiltration from air-gapped environments | kaspersky. https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments. Accessed 20 Aug 2023

  20. Deshotels, L.: Inaudible sound as a covert channel in mobile devices. In: WOOT (2014)

    Google Scholar 

  21. de Gortari Briseno, J., Singh, A.D., Srivastava, M.: Inkfiltration: using inkjet printers for acoustic data exfiltration from air-gapped networks. ACM Trans. Priv. Secur. 25(2), 1–26 (2022)

    Google Scholar 

  22. Guri, M., Solewicz, Y., Daidakulov, A., Elovici, Y.: Acoustic data exfiltration from speakerless air-gapped computers via covert hard-drive noise diskfiltration. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 98–115. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_6

    Chapter  Google Scholar 

  23. Guri, M.: CD-LEAK: leaking secrets from audioless air-gapped computers using covert acoustic signals from CD/DVD drives. In: 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), pp. 808–816. IEEE (2020)

    Google Scholar 

  24. Guri, M.: Power-supplay: leaking sensitive data from air-gapped, audio-gapped systems by turning the power supplies into speakers. IEEE Trans. Dependable Secure Comput. (2021)

    Google Scholar 

  25. Guri, M., Bykhovsky, D., Elovici, Y.: Brightness: leaking sensitive data from air-gapped workstations via screen brightness. In: 2019 12th CMI Conference on Cybersecurity and Privacy (CMI), pp. 1–6. IEEE (2019)

    Google Scholar 

  26. Guri, M., Zadov, B., Daidakulov, A., Elovici, Y.: xLED: covert data exfiltration from air-gapped networks via switch and router leds. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 1–12. IEEE (2018)

    Google Scholar 

  27. Guri, M., Zadov, B., Elovici, Y.: LED-it-GO: leaking (a lot of) data from air-gapped computers via the (small) hard drive LED. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 161–184. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60876-1_8

    Chapter  Google Scholar 

  28. Guri, M.: AIR-FI: leaking data from air-gapped computers using Wi-Fi frequencies. IEEE Trans. Dependable Secure Comput. (2022)

    Google Scholar 

  29. Guri, M.: SATAn: air-gap exfiltration attack via radio signals from SATA cables. In: 2022 19th Annual International Conference on Privacy, Security & Trust (PST), pp. 1–10. IEEE (2022)

    Google Scholar 

  30. Guri, M.: Lantenna: exfiltrating data from air-gapped networks via ethernet cables emission. In: 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), pp. 745–754. IEEE (2021)

    Google Scholar 

  31. Romo, J.: DDR memories comparison and overview. Beyond Bits, p. 70

    Google Scholar 

  32. Movnti - store doubleword using non-temporal hint. https://www.felixcloutier.com/x86/movnti. Accessed 20 Aug 2023

  33. https://cryptome.org Nstissam tempest/2-95 (2000). https://cryptome.org/tempest-2-95.htm. Accessed 01 Jan 2023

  34. Tang, W., Mi, Z.: Secure and efficient in-hypervisor memory introspection using nested virtualization. In: 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE), pp. 186–191. IEEE (2018)

    Google Scholar 

  35. Kasturi, G.S., Jain, A., Singh, J.: Detection and classification of radio frequency jamming attacks using machine learning. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. 11(4), 49–62 (2020)

    Google Scholar 

  36. Chapman, S.J., Hewett, D.P., Trefethen, L.N.: Mathematics of the faraday cage. Siam Rev. 57(3), 398–417 (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Software and Information Systems Engineering, Ben-Gurion University of the Negev, Be’er Sheva, Israel

    Mordechai Guri

Authors
  1. Mordechai Guri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mordechai Guri .

Editor information

Editors and Affiliations

  1. OsloMet – Oslo Metropolitan University, Oslo, Norway

    Lothar Fritsch

  2. OsloMet – Oslo Metropolitan University, Oslo, Norway

    Ismail Hassan

  3. OsloMet - Oslo Metropolitan University, Oslo, Norway

    Ebenezer Paintsil

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Guri, M. (2024). RAMBO: Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM. In: Fritsch, L., Hassan, I., Paintsil, E. (eds) Secure IT Systems. NordSec 2023. Lecture Notes in Computer Science, vol 14324. Springer, Cham. https://doi.org/10.1007/978-3-031-47748-5_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-47748-5_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47747-8

  • Online ISBN: 978-3-031-47748-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation