new attack leaks secrets using RAM as a radio

Low Level Learning

11 Sept 202408:01

Summary

TLDRThe video discusses the RAMBleed attack, a method for covertly extracting data from air-gapped computers using RAM's electrical signals. Researcher Dr. Morchi G demonstrates how malware can manipulate RAM to transmit data at 1,000 bits per second via RF modulation. Countermeasures include shielding with a Faraday cage or internal RAM jamming to create interference. This innovative attack highlights the ongoing challenges in cybersecurity.

Takeaways

😲 The 'RAMBleed' attack allows hackers to listen to the electrical signals made by RAM to covertly extract data from a computer.
🔍 This technique is also known as 'Radiation for Air-Gapped Memory Bus for Offense' and was developed by Dr. Mordechai Guri.
💻 The attack exploits malware previously installed in an air-gapped network to create electrical noise from RAM by writing data in a specific sequence.
📡 Data is transmitted at a rate of about 1,000 bits per second on a 3.6 GHz CPU, which is surprisingly fast for unintentional over-the-air networking.
🔧 The attack uses the 'move NTI' instruction, which allows direct writing to RAM without using cache layers, to control the signal emission.
🕵️‍♂️ Dr. Guri's research lab focuses on finding ways to jump air gaps, with RAMBleed being one of many techniques discovered since 2018.
🔒 The only way to prevent RAMBleed attacks is to work in a shielded room or place the computer in a Faraday cage.
🛠️ A countermeasure to RAMBleed could be internal RAM jamming, which involves creating additional noise to interfere with the signal.
📊 The research demonstrates that a 4096-bit RSA private key can be exfiltrated in 40 to 4 seconds, and a password or text document can be downloaded in seconds.
📡 The attack uses an RF modulation scheme and software-defined radio to transmit and receive the data signals.

Q & A

What is the RAMBleed attack?
-The RAMBleed attack is a method of extracting data from a computer by listening to the electrical signals that the RAM makes when data is written to or read from it.
Who is Dr. Morchi and what is his contribution to the RAMBleed research?
-Dr. Morchi is a world-class researcher and hacker who runs a research lab focused on air gap research. He is the one who discovered the RAMBleed attack and has been instrumental in finding various techniques to extract data from air-gapped networks.
What is an air gap in cybersecurity?
-An air gap is a security measure that physically isolates a network or device from other networks, including the internet, to prevent unauthorized access and potential cyber attacks.
How does the RAMBleed attack work?
-The RAMBleed attack works by using malware to write data to the RAM in a specific sequence, creating electrical noise that can be picked up by an external receiver, effectively transmitting data over the air.
What is the speed of data transmission in the RAMBleed attack?
-The RAMBleed attack can transmit data at a rate of approximately 1,000 bits per second on a 3.6 GHz CPU.
How does the attacker control the signal to transmit data using the RAMBleed attack?
-The attacker controls the signal by writing to the RAM repeatedly to create a consistent amplitude, and stops writing to represent a zero, thus differentiating the data bits.
What is the 'move NTI' instruction and how does it relate to the RAMBleed attack?
-The 'move NTI' instruction, or store double word with non-temporal hint, allows for a direct write to memory without using cache layers. This is used in the RAMBleed attack to create signals on demand.
What are some countermeasures against the RAMBleed attack mentioned in the script?
-Some countermeasures against the RAMBleed attack include working in a shielded room, placing the computer in a Faraday cage, or using internal RAM jamming to interfere with the memory signals.
How can internal RAM jamming be used as a defense against the RAMBleed attack?
-Internal RAM jamming can be used as a defense by performing random read and write operations to interfere with the memory signals, making it difficult for an attacker to extract meaningful data.
What is the significance of the graph of data over time in the context of the RAMBleed attack?
-The graph of data over time represents the amplitude of the signal that the RAM is putting out, which is used to transmit data over the air in the RAMBleed attack.