Ransom Access Memory?
The AIR-FI exploit can steal secrets from an air-gapped computer by listening to electromagnetic emissions from RAM in the WiFi spectrum.
Once again proving that no computer is ever completely secure, Dr. Guri of Ben-Gurion University of the Negev has published yet another data exfiltration exploit for air-gapped systems. We have reported on Dr. Guri’s previous exploits of air-gapped computers, in which data can be covertly extracted via some side channel without the use of any network connections. This time Dr. Guri has developed a method that allows the random access memory (RAM) already present in computers everywhere to act as a low-power WiFi transmitter.
While an air-gapped computer has no network connections to transmit data, computers generate considerable quantities of electromagnetic radiation in the course of their normal operation. If that radiation is in the right frequency range, it will be transmitted over the air, at which point a receiver can intercept that signal.
Modern DDR SDRAM busses often operate at a frequency near 2.4 GHz, which happens to overlap with the 2.4 GHz WiFi band. By writing specific patterns of bits to RAM, with precise timings, Dr. Guri was able to modulate this signal to encode messages. These messages can then be received by any nearby computer with a WiFi radio.
In cases where the RAM bus operates at a frequency other than 2.4 GHz, there are methods to programmatically over- or under-clock it to bring it into the range of WiFi signals.
The method has been demonstrated to operate at 100 bits per second, with an 8.75% error rate, so it would not be effective for transmitting large amounts of data. The exploit also requires malware to be installed on the target system in order to generate the modulated signal — normal RAM operation would not reveal any secret information.
Considering these limitations, and also that the tested transmission range was around six feet, this exploit should not be a big concern for a typical computer user. But then again, a typical computer user has network interfaces, which are a much easier way to steal secret information.
Given his extensive work in covert data exfiltration, it would seem that the safest course of action would be to pull the power cord if you ever see Dr. Guri in the vicinity of your computer. That is, of course, until he publishes a paper detailing an exploit targeting an unpowered system, which would be both an alarming and fascinating read.