
StormyDark

S1REN

StormyDark Attack

How can we break an air gap?

Suppose in this situation that Jim works at some particular organization.
Building on the idea of using a left-behind USB device for initial code execution, I came up with an idea called StormyDark.

Upon execution, StormyDark would essentially be software that hammers away at DRAM to create a small radio transmitter.

Imagine the basic FM Transmitter Circuit below:

Now let's examine, at a low level, what DRAM looks like and how bit storage states appear:

Let's imagine now that we are hypothetically able to modify the state of a 'bit' through StormyDark. Right?
Ok - following.
Great.

Now in your mind imagine millions of these lined up next to each other.
Suppose we were able to store targeted values on the bus to basically modify the state of a bit across a row.
Like hammering out the DRAM?
Yeah.
Isn't that dangerous?
Could be.

Anyway, the idea continues: Jim plugs in the physical hardware (a USB device lying around with a sticker of the organization he works for on it) and sits down in his chair, unaware that by the time he hits the cushion we're transmitting and exfiltrating data over an FM frequency (with very low signal amplification) to somewhere outside the building.

Suppose we had a device to receive that exfiltrated data.

Remember - Jim's computer is not connected to the network. There is no wireless interface, there is no mainline jack attached to the LAN - it's simply a 'Cold Machine'.

Fantastic.

So the idea is that you have essentially beaten the air gap problem by hammering out your own little radio transmitter on the DRAM to broadcast all of the data, recursively, from Jim's machine within a short physical radius.

Boom, air gap defeated.

Sip on that!
