AIR-FI Attack Turns RAM In Air-Gapped Systems Into WiFi To Steal Data

Here’s one more threat to the security of air-gapped systems that the admins should take care of. Researchers have devised AIR-FI attack that can steal data from air-gapped systems by exploiting their RAM.

AIR-FI Attack Steals Data From Air-Gapped Systems RAMs

Researchers from Ben-Gurion University of the Negev, Israel, have come up with another interesting attack strategy targeting air-gapped systems. Dubbed AIR-FI, the attack aims transforms the RAM of air-gapped systems into WiFi.

In brief, the attack method exploits the capability of air-gapped systems to generate electromagnetic waves as the current flows through them. It involves infecting the target air-gapped system with a malware that would then command the RAM to generate waves with frequencies consistent with the usual WiFi spectrum. In this way, a receiving WiFi capable device could catch the data from air-gapped systems as it receives that WiFi.

Infecting an air-gapped system with the malware isn’t difficult. An adversary can easily do so by contaminating USB drives, social engineering, or by deceiving the staff.

Once done, the attacker would then have to infect a nearby WiFi capable device to receive the leaked data. For this, the attacker can infect nearby desktops, laptops, or even the smartphones of the staff operating the air-gapped target system.

After successful infection, the malware would then steal the data from the air-gapped system, leak it to the air as WiFi for the receiving device. As the researchers explained,

As a part of the exfiltration phase, the attacker might collect data from the compromised computers. The data can be documents, key logging, credentials, encryption keys, etc. Once the data is collected, the malware initiates the AIR-FI covert channel. It encodes the data and transmits it to the air (in the Wi-Fi band at 2.4 GHz) using the electromagnetic emissions generated from the DDR SDRAM buses.

The following video shows a possible attack scenario.

Recommended Countermeasures

AIR-FI attack is very effective to steal data. Like other covert attacks demonstrated by the team in the past, this one is also very easy to execute.

Besides, it is also faster than the recently demonstrated BRIGHTNESS, Air-ViBeR, and POWER-SUPPLaY attacks. This attack can transmit data over a few meters at a speed of 100 bps.

However, like the others, this one too can be mitigated. As advised by the researchers, signal jamming at the level of hardware and software can prevent any data leak by entirely jamming WiFi transmission.

Details about the attack are available in the research paper shared by the team.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients