RAMBO attack uses RAM in air-gapped computers to steal data

RAM’s electromagnetic emissions could be used to steal your passwords

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity researchers from Ben-Gurion University of the Negev, Israel, came up with a very James Bond-esque way to steal sensitive files from air-gapped systems.

The method is dubbed RAMBO (short for Radiation of Air-gapped Memory Bus for Offense) because it abuses the target computer’s RAM memory to steal data, taking advantage of the electromagnetic radiation the memory generates while operating.

An air-gapped system is disconnected from the wider network, and the internet. This is a (relatively) extreme measure reserved only for the most critical of systems, holding the most important data. So, even if a user inadvertently introduces a piece ofmalware(for example, via a compromised USB device), the malware would still have no way of transmitting the data to the outside world (other than copying the files directly onto the said USB, which is an entirely different beast).

Defending air-gapped systems

However, in this scenario, the malware would tamper with RAM components to allow for a recipient, which needs to be standing relatively close, to exfiltrate sensitive data.

The large caveat is still the fact that a person would need to stand relatively close. Another caveat is that the file transfer done this way is relatively slow. Don’t expect to be stealing any large files or databases, since it takes more than two hours to download 1 megabyte of information (for the fossils among you - author included - that’s slower than dial-up).

The method could still be used to steal keystrokes, passwords, or other data that doesn’t take up too much space.

The best way to defend against these things is simply not to let people near valuable endpoints, the experts conclude.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

England vs Australia live stream: how to watch 2024 rugby union Autumn International online from anywhere