Airgrapped Exploit: RAMBO

[Jating]

I'm not sure if this is the right board about this exploit. I just think this is the board because it talks about wallet and it include air-gapped PC. Recently I read about a very sophisticated exploit and they called it RAMBO (Radiation of Air-gapped Memory Bus for Offense)

Air-gapped systems are physically separated from external networks, including the Internet. This isolation is achieved by keeping the air-gap computers disconnected from wired or wireless networks, preventing direct or remote communication with other devices or networks. Air-gap measures may be used in sensitive environments where security and isolation are critical to prevent private and confidential information leakage.

https://arxiv.org/abs/2409.02292

I'm no expert far from it, but I just want to share this to you and maybe, some of you have deeper knowledge. They've mentioned the mitigation though, so it's all good.

[joniboini]

If I'm reading this correctly, this attack requires access to the PC in its initial stage to deploy the malware. I don't think a hacker will use this method to target your everyday crypto users since they need to set up a way to receive the signal emitted from the RAM. Maybe they will use this to target exchanges, whales who publicly say they store crypto in their home, etc. I don't think it's a good idea to use a USB or something similar to transfer data to an air-gapped device to begin with.

[Findingnemo]

It looks like this method is only proved theoretically and maybe it's possible to decode small strings but I am sure it isn't gonna be possible to analyse everything that's stored on an Airgapped device just using the radio signals from the RAM but this is the first time there's something of this kind exist and who knows in future if they can make it possible to decode anything then nowhere is safe.

[Baofeng]

It's very technical attack and the attackers requires that the PC is within the range in order to execute it. Nevertheless, it is shown that the attack can be real and that air-gapped is also vulnerable.

I also read another king of attack as well, not sure if this is similar or the others steam from this attack. So let's see, we haven't heard of crypto heist on any air-gapped pc as this is usually enclosed and is left in our house and not that expose obviously.

[ABCbits]

To those who prefer somewhat simpler explanation, you might want to read this article instead https://www.bleepingcomputer.com/news/security/new-rambo-attack-steals-data-using-ram-in-air-gapped-computers/. I would worry more about $5 wrench attack rather than this attack. Besides, using QR code to send the data (such as unsigned and signed Bitcoin transaction) is good alternative if you don't want to use USB storage.

[dkbit98]

That is a very suitable name for this exploit - Rambo 
I don't know how this could be applied in real life but I guess attackers need to be near device to initiate this radio attack.
Safest way of protection is with faraday cage, there are faraday bags that can provide protection, but with recent explosion attacks and explosion of devices I doubt is security of many electronics devices.

[KingsDen]

I don't know how this could be applied in real life but I guess attackers need to be near device to initiate this radio attack.
Safest way of protection is with faraday cage, there are faraday bags that can provide protection, but with recent explosion attacks and explosion of devices I doubt is security of many electronics devices.

The whole thing is sounding like an imaginative movie to me. Just imagine it, and it might happen in the future. Even the Faraday bags solutions is making it looks like a gigantic electromagnetic activities. Although it creates a barrier that shields electronic devices from wireless signals. But how will the usage be when I'm not even sure such an attack will happen.