Research: Stealing data from air-gapped PC by turning RAM into Wi-Fi Card

Israeli Researchers Discover New Data Exfiltration Technique by Turning RAM into Wi-Fi Card.

According to researchers at Ben-Gurion University of the Negev, Israel, the new AIR-FI technique can turn a RAM card into a wireless emitter that transmits sensitive data out of a non-networked, air-gapped computer that has no built-in Wi-Fi card.

Mordechai Guri, the R&D head of the university’s Cyber Security Research Labs, discovered the new technique. Guri is a pioneer in research on novel ways air-gapped systems can be exploited to steal data.

AIR-FI lets a third party steal data from an air-gapped system, that is, a system that is not connected to any network. This is achieved by using the DDR and SDRAM memory buses to generate signals in the 2.4 GHz Wi-Fi range. The attack does not require any particular hardware.

“We show that nearby Wi-Fi-capable devices (e.g., smartphones, laptops, IoT devices) can intercept these signals, decode them, and send them to the attacker over the Internet,” said Guri.

To extract the signals, the researchers used the physical-layer information that Wi-Fi chips expose. They implemented the transmitter and receiver, evaluated the channel for bandwidth and distance, and identified a set of countermeasures. The team noted that it is possible to exfiltrate data from air-gapped computers to nearby Wi-Fi receivers from a distance of 7 meters.

Guri explained in the report that it isn’t easy to compromise air-gapped systems, and even expert hackers cannot pull it off easily. Such an attack is possible only if the targeted system has first been compromised with the right software, delivered via contaminated USB drives or social engineering.

An illustration of the AIR-FI attack. Malware in the air-gapped computer (A) uses the DDR memory to generate signals in the 2.4 GHz Wi-Fi frequency band. Binary information is modulated on top of the signals and received by a nearby Wi-Fi receiver (e.g., laptop (B) and smartphone (C)).

Researchers have dubbed techniques like AIR-FI covert data exfiltration channels because they don’t involve breaking into computers but steal data in unexpected ways. Though they aren’t dangerous for ordinary users, they would be a constant threat for admins of air-gapped networks.

For technical details check the report here [PDF].
