• NaibofTabr@infosec.pub
    link
    fedilink
    English
    arrow-up
    28
    ·
    3 months ago

    As always with attacks of this kind, it requires the air-gapped network to be first compromised through other means – such as a rogue insider, poisoned USB drives, or a supply chain attack – thereby allowing the malware to trigger the covert data exfiltration channel.

    This goes on the list with other attacks that are interesting in an academic sense but highly impractical for real-world attacks, like Van Eck phreaking.

    You have to deploy the malware that manipulates the RAM to get it to create the radio signal on the target system, and since we’re talking about an air-gapped system that means you have to be in the room with it already.

    This article is light on specifics, but a RAM board is not an efficient radio antenna and it operates at 3-5v, so the transmission can’t be very strong. The receiver will have to be nearby, and in a relatively noise-free radio environment. Electrical wiring in the walls would mess with the signal transmission, the wall material might just block it, and if the target system is in a metal case that’s electrically grounded (which is normal for desktops and servers) I doubt the signal would get out of it. My guess is that the receiving antenna would need to be in the same room.

    • Lojcs@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      3 months ago

      Since the attack already involves someone with physical access they could hide a transmitter in the same room

      Copied from another thread:

      Fast transmissions are limited to a maximum range of 300 cm (10 ft), with the bit error rate being 2-4%. Medium-speed transmissions increase the distance to 450 cm (15 ft) for the same error rate. Finally, slow transmissions with nearly zero error rates can work reliably over distances of up to 7 meters (23 ft).

      Fast = 1000bps, medium = 500bps, slow = 100bps.