Biography
Whoami. I am Ben, a BlackHat board member, and an infosec researcher.
I did a postdoc at Cornell Tech (hosted by Tom Ristenpart) and I hold a PhD from
The Ben-Gurion University of the Negev (supervised by Yuval Elovici), on
"Security and Privacy in the IoT Era".
Interests. I am mostly interested in sci-fi on topics related security and privacy of systems and end users. My interests have changed throughout the years, but were mostly focused on three specific layers of systems:
-
Communication. Security and privacy of drones (SP'19, SP'21, Sensors'22), and multi-function printers (TIFS'19).
-
Sensors. Side-channel attacks for cryptanalysis (CCS'23, SP'24) and speech eavesdropping (CCS'21, USENIX Sec'22, WOOT'23, Computer'23).
-
Artficial Inteligence. Security of object detectors (CCS'20, CACM'23, AISEC'23) and GenAI models.
-
Misc. Security of E2EE messaging applications (SP'24), password managers, and smartwatches (UbiComp'18, Sensors'22).
Press. My work has been featured in Wired [1,2,3,4,5] Forbes [1,2,3], ArsTechnica, [1,2,3,4], The Wall Street Journal [1], DeepLearning.AI [1], MIT Technology Review [1], Fox News [1,2], The Mirror [1], Business Insider [1], Schneier on Security [1,2,3,4,5,6], Computerphile [1], and Two Minute Paper [1].
The YouTube videos I created to present my studies have been watched by ~600K viewers [1,2,3,4,5,6,7,8].
Speaking. I am a frequent conference speaker at BlackHat (5), SecTor (4), DEFCON (3), RSAC (2), CodeBlue (2), and additional conferences (here is a YouTube playlist of my recent talks).
Accomplishments. In 2023, I led a group of brilliant researchers and together we won the Pwnie Award for the Best Crypto Attack 23. In 2021, we received the Best Demo Award from AutoSec'21. Three other of my studies finished as runner-ups in CSAW'19 and CSAW'20. In 2019, I presented a work of mine to Israel's President Reuven (Ruvi) Rivlin, and in 2018, a work of mine was presented to Israel's Prime Minister Binyamin Netanyahu, Cypriot President Nicos Anastasiades and Greek Prime Minister Alexis Tsipras.
Personal Honors. I received the BGU Dean Award for Excellence in Ph.D. and the Mid. Way Negev-Faran Scholarship for Excellence Ph.D. Program. My Ph.D. dissertation was nominated for the SIGSAC Doctoral Dissertation Award 2023.
If you want to work with me on a high-profile/impact research in security and privacy, send me an email.
_edited.jpg)
Academic Publications
2024
ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered
Applications
Stav Cohen, Ron Bitton, Ben Nassi
_svg.png){kind=logo}
Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device's Power LED
SP'24, BHUSA'23, DEFCON-31, SecTor'23, RWC'24
Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, Yuval Elovici
Injection Attacks Against End-to-End Encrypted Applications
SP'24
A Fábrega, CO Pérez, A Namavari, B Nassi, R Agarwal, T Ristenpart
2023
Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations
CCS'23
Ben Nassi, Ofek Vayner, Etay Iluz, Dudi Nassi, Jan Jancar, Daniel Genkin, Eran Tromer, Boris Zadov, Yuval Elovici
Tim Höttges Award in Cybersecurity Research
Protecting Autonomous Cars from Phantom Attacks
Communications of the ACM
Ben Nassi, Yisroel Mirsky, Jacob Shams, Raz Ben-Netanel, Dudi Nassi, Yuval Elovici
The Adversarial Implications of Variable-Time Inference
AISEC'23
Dudi Biton, Aditi Misra, Efrat Levy, Jaidip Kotak, Ron Bitton, Roei Schuster, Nicolas Papernot, Yuval Elovici, Ben Nassi
The Little Seal Bug: Optical Sound Recovery from Lightweight Reflective Objects
WOOT'23, BlackHat Asia'22
Ben Nassi, Raz Swissa, Jacob Shams, Boris Zadov, Yuval Elovici
(Ab) Using images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs
BHEU'23
E Bagdasaryan, TY Hsieh, B Nassi, V Shmatikov
2022
Lamphone - Real-Time Passive Sound Recovery from Light Bulb Vibrations
USENIX Sec'22, BlackHat USA 2020, SecTor'20, CodeBlue'20
Ben Nassi, Yaron Pirotin, Adi Shamir, Yuval Elovici, Boris Zadov
CSAW'19 Runner Up
Runner up Pwnie Award for Most Innovative Research
Runner up Pwnie Award for Most Epic Achievement
[web-page] [pre-print] [conference-version]
_svg.png){kind=logo}
bAdvertisement: Attacking Advanced Driver-Assistance Systems Using Print Advertisements
EuroS&P Workshops 2022
Ben Nassi, Jacob Shams, Raz Ben-Netanel, Yuval Elovici
Optical Speech Recovery From Desktop Speakers
IEEE Computer
Ben Nassi, Yaron Pirutin, Jacob Shams, Raz Swissa, Yuval Elovici, Boris Zadov
Seeds Don't Lie: An Adaptive Watermarking Framework for Computer Vision Models
Jacob Shams, Ben Nassi, Ikuya Morikawa, Toshiya Shimizu, Asaf Shabtai, Yuval Elovici
2021
Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power
Indicator LED
CCS'21, HITB+CyberWeek'21
Ben Nassi, Yaron Pirotin, Yuval Elovici, Boris Zadov
_svg.png){kind=logo}
SoK - Security and Privacy in the Age of Drones
SP'21
Ben Nassi, Asaf Shabtai, Ryusuke Masuoka, Yuval Elovici.
SP Magazine
Raz Ben-Netanel, Ben Nassi, Adi Shamir, Yuval Elovici.
Spoofing Mobileye 630’s Video Camera Using a Projector
AutoSec'21
Ben Nassi, Dudi Nassi, Raz Ben Netanel and Yuval Elovici
Game of Drones - Detecting Spying Drones Using Time Domain Analysis
CSCML'21
Raz Ben-Netanel, Ben Nassi, Adi Shamir, Yuval Elovici
2020
Phantom of the ADAS - Securing Advanced Driver-Assistance Systems from
Split-Second Phantom Attacks
CCS'20, RSAC 2021, SecTor'21, Car Hacking Village @ DEFCON'29, CyberTech'20
Ben Nassi, Dudi Nassi, Raz Ben-Netanel, Yisroel Morsky, Oleg Drokin, Yuval Elovici.
AutoSec'21 Best Demo Award Winner
CSAW'20 Runner Up
_svg.png){kind=logo}
2019
Drones’ Cryptanalysis - Smashing Cryptography with a Flicker
SP'19, RSAC APJ'19, SecTor'21
Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici.
CSAW'19 Runner Up
TIFS'19, RSAC'20
Ben Nassi, Adi Shamir, Yuval Elovici.
Piping botnet-turning green technology into a water disaster
IoT Village @ DEFCON'26
Ben Nassi, Moshe Sror, Ido Lavi, Yair Meidan, Asaf Shabtai, Yuval Elovici
2018
Handwritten Signature Verification Using Wrist-Worn Devices
Alona Levy, Ben Nassi, Yuval Elovici, Erez Shmueli.
Talks & Seminars
2024
RWC'24. Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.
Seminar @ MIT. Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.
Seminar @ Boston University. Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.
Seminar @ Northeastern University. Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.
2023
BHEU'23. Indirect Prompt Injection into LLMs using Images and Sounds.
Seminar @ Stanford University. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED
Seminar @ CISPA. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED
Seminar @ Columbia University. When Optical Sensors Meet Low-Power Devices:
Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.
Seminar @ HUJI. When Optical Sensors Meet Low-Power Devices: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.
Seminar @ TAU. When Optical Sensors Meet Low-Power Devices: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.
CyberWeek'23. Security and Safety in the Era of Autonomous Cars.
2022
Seminar @ CE Club, Technion. Finding Darkness in the Light: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.
BHASIA'22. The Little Seal Bug: Optical Sound Recovery from Lightweight Reflective Objects.
Seminar @ Michigan State University. Towards Electro-optical Sound Eavesdropping
Seminar @ Cornell Tech. Towards Electro-optical Sound Eavesdropping
AI Week'22. Remote Split-second Phantom Attacks on AI of Semi & full Autonomous Cars.
2021
HITB+CyberWeek 21. Towards Eletro-Optical Sound Eavesdropping.
SecTor'21. Detecting Illicit Drone Filming.
SecTor'21. Ghost Misdetection Attacks Against Tesla Model X & Mobileye 630 PRO.
Car Hacking Village @ DEFCON 29. Remote Adversarial Phantom Attacks on Tesla & Mobileye.
RSAC'21. Securing Tesla & Mobileye from Split-Second Phantom Attacks
BHASIA'21. The Motion Sensor Western: The Good, the Bad, and the Ugly.
2020
CodeBlue'20. Drones Cryptanalysis: Detecting Spying Drones.
CodeBlue'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.
SecTor'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.
BHUSA'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.
CyberTech TLV'20. Phantom of the ADAS
RSAC'20. Air-Gapping Is Overrated: Pressing a Red-Button via a Multifunction Printer.
2019
IoT Village @ DEFCON'26. Attacking Smart Irrigation Systems.