Hardware Security Analysis and Test Platform (HSATp) DRAM Bus Emissions Effort

We present RAMBLE, a proof-of-concept method to transmit well-formed Bluetooth low energy (BLE) packets from a physically unmodified computer's memory bus. RAMBLE leverages DDR5-4800 memory operating at 4800 megatransfers per second. Because DDR performs two writes per clock cycle, DDR-4800 is clocked at 2.4 GHz, right in the middle of the industrial, scientific, and medical (ISM) frequency band. Carefully timing cache-bypassing writes enables modulation of the 2.4 GHz ISM-band clock signal to generate valid BLE packets. Because BLE packets are very short, the attack can be carried out in userspace without being interrupted by task switching. Although prior research has explored the feasibility of transmitting custom signals through EM side-channels, RAMBLE demonstrates the ability to extrapolate data from isolated, air-gapped networks using unmodified existing receivers and protocols, and with no dedicated transmission equipment. Alongside those other works that emanate using the DRAM bus, RAMBLE adds further urgency to the need to manage and mitigate malicious electromagnetic emissions.