top of page
About Me

Biography

Whoami. I am Ben, a BlackHat board member, and an infosec researcher.

I did a postdoc at Cornell Tech (hosted by Tom Ristenpart) and I hold a PhD from
The Ben-Gurion University of the Negev (supervised by Yuval Elovici), on
 "Security and Privacy in the IoT Era".

Interests. I am mostly interested in sci-fi on topics related security and privacy of systems and end users. My interests have changed throughout the years, but were mostly focused on three specific layers of systems: 

  • Communication. Security and privacy of drones (SP'19, SP'21, Sensors'22), and multi-function printers (TIFS'19).

  • Sensors.  Side-channel attacks for cryptanalysis (CCS'23, SP'24) and speech eavesdropping (CCS'21, USENIX Sec'22, WOOT'23, Computer'23).

  • Artficial Inteligence. Security of object detectors (CCS'20, CACM'23, AISEC'23) and GenAI models. 

  • Misc. Security of E2EE messaging applications (SP'24), password managers, and smartwatches (UbiComp'18, Sensors'22).

Press. My work has been featured in Wired [1,2,3,4,5] Forbes [1,2,3], ArsTechnica, [1,2,3,4], The Wall Street Journal [1], DeepLearning.AI [1], MIT Technology Review [1], Fox News [1], The Mirror [1], Business Insider [1], and Schneier on Security [1,2,3,4,5,6].The YouTube videos I created to present my studies have been watched by ~600K viewers [1,2,3,4,5,6,7,8]. 

Speaking. I am a frequent conference speaker at BlackHat (5), SecTor (4), DEFCON (3), RSAC (2), CodeBlue (2), and additional conferences (here is a YouTube playlist of my recent talks). 

Accomplishments. In 2023, I led a group of brilliant researchers and together we won the Pwnie Award for the Best Crypto Attack 23. In 2021, we received the Best Demo Award from AutoSec'21. Three other of my studies finished as runner-ups in CSAW'19 and CSAW'20. In 2019, I presented a work of mine to Israel's President Reuven (Ruvi) Rivlin, and in 2018, a work of mine was presented to Israel's Prime Minister Binyamin Netanyahu, Cypriot President Nicos Anastasiades and Greek Prime Minister Alexis Tsipras.

Personal Honors. I received the BGU Dean Award for Excellence in Ph.D. and the Mid. Way Negev-Faran Scholarship for Excellence Ph.D. Program. My Ph.D. dissertation was nominated for the SIGSAC Doctoral Dissertation Award 2023.

If you want to work with me on a high-profile/impact research in security and privacy, send me an email.

יערה ובן (304)_edited.jpg

Academic Publications

Publications

2024

ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered
Applications
                             

Stav Cohen, Ron Bitton, Ben Nassi

[web-page]

Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device's Power LED

SP'24, BHUSA'23, DEFCON-31, SecTor'23, RWC'24                               

Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, Yuval Elovici

Pwnie Award for the Best Cryptographic Attack 23

[web-page] [pre-print] [conference-version]

Ars_Technica_logo_(2016).svg.png
forbes.webp
Kaspersky_logo.svg.png
the-hacker-news.webp
327780810_746289450506006_90477779176644116_n_edited.jpg

Injection Attacks Against End-to-End Encrypted Applications

SP'24

A Fábrega, CO Pérez, A Namavari, B Nassi, R Agarwal, T Ristenpart

[conference-version]

2023

Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations

CCS'23

Ben Nassi, Ofek Vayner, Etay Iluz, Dudi Nassi, Jan Jancar, Daniel Genkin, Eran Tromer, Boris Zadov, Yuval Elovici

[pre-print] [conference-version]

Protecting Autonomous Cars from Phantom Attacks

Communications of the ACM

Ben Nassi, Yisroel Mirsky, Jacob Shams, Raz Ben-Netanel, Dudi Nassi, Yuval Elovici

[web-page] [magazine]

The Adversarial Implications of Variable-Time Inference

AISEC'23

Dudi Biton, Aditi Misra, Efrat Levy, Jaidip Kotak, Ron Bitton, Roei Schuster, Nicolas Papernot, Yuval Elovici, Ben Nassi

[pre-print] [PDF]

The Little Seal Bug: Optical Sound Recovery from Lightweight Reflective Objects

WOOT'23, BlackHat Asia'22                                                                                            

Ben Nassi, Raz Swissa, Jacob Shams, Boris Zadov, Yuval Elovici

[web-page] [pre-print] [conference-version]

dark-reading.png

2022

Lamphone - Real-Time Passive Sound Recovery from Light Bulb Vibrations

USENIX Sec'22BlackHat USA 2020, SecTor'20, CodeBlue'20

Ben Nassi, Yaron Pirotin, Adi Shamir, Yuval Elovici, Boris Zadov

CSAW'19 Runner Up

Runner up Pwnie Award for Most Innovative Research

Runner up Pwnie Award for Most Epic Achievement 
[web-page] [pre-print] [conference-version] 

Wired.png
forbes.webp
WSJ.png
Vice_logo.svg.png
fox-news.png
Ars_Technica_logo_(2016).svg.png
zdnet-logo-large.png
gizmodo.png
Kaspersky_logo.svg.png
jpost.png
pcmag.jpg
popular-mechanics-vector-logo.png

bAdvertisement: Attacking Advanced Driver-Assistance Systems Using Print Advertisements

EuroS&P Workshops 2022 

Ben Nassi, Jacob Shams, Raz Ben-Netanel, Yuval Elovici

[conference-version]

Optical Speech Recovery From Desktop Speakers

IEEE Computer

Ben Nassi, Yaron Pirutin, Jacob Shams, Raz Swissa, Yuval Elovici, Boris Zadov

[Magazine]

Seeds Don't Lie: An Adaptive Watermarking Framework for Computer Vision Models

Jacob Shams, Ben Nassi, Ikuya Morikawa, Toshiya Shimizu, Asaf Shabtai, Yuval Elovici

[pre-print]

2021

Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power
Indicator LED

CCS'21, HITB+CyberWeek'21

Ben Nassi, Yaron Pirotin, Yuval Elovici, Boris Zadov 

[web-page] [pre-print] [conference-version]

Ars_Technica_logo_(2016).svg.png
forbes.webp
the-hacker-news.webp
threatpost.png

SoK - Security and Privacy in the Age of Drones

SP'21

Ben Nassi, Asaf Shabtai, Ryusuke Masuoka, Yuval Elovici. 

[web-page] [pre-print] [conference-version]

Detecting Spying Drones

SP Magazine

Raz Ben-Netanel, Ben Nassi, Adi Shamir, Yuval Elovici. 

[web-page] [magazine]

Spoofing Mobileye 630’s Video Camera Using a Projector

AutoSec'21

Ben Nassi, Dudi Nassi, Raz Ben Netanel and Yuval Elovici

[web-page] [conference]

Game of Drones - Detecting Spying Drones Using Time Domain Analysis

CSCML'21

Raz Ben-Netanel, Ben Nassi, Adi Shamir, Yuval Elovici

[web-page] [magazine]

2020

Phantom of the ADAS - Securing Advanced Driver-Assistance Systems from
Split-Second Phantom Attacks

CCS'20,  RSAC 2021, SecTor'21, Car Hacking Village @ DEFCON'29, CyberTech'20

Ben Nassi, Dudi Nassi, Raz Ben-Netanel, Yisroel Morsky, Oleg Drokin, Yuval Elovici.

AutoSec'21 Best Demo Award Winner

CSAW'20 Runner Up

[web-page] [pre-print] [conference-version]

Wired.png
Ars_Technica_logo_(2016).svg.png
zdnet-logo-large.png
gizmodo.png
jpost.png
threatpost.png
Kaspersky_logo.svg.png
כלכליסט.png
download.png
https___cdn.evbuc.com_images_65495669_26

2019

Drones’ Cryptanalysis - Smashing Cryptography with a Flicker

SP'19, RSAC APJ'19, SecTor'21

Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici. 

CSAW'19 Runner Up

[web-page] [pre-print] [conference-version]

Wired.png
ynet.png
jpost.png
GLobes_logo-575.jpg

Xerox Day Vulnerability 

TIFS'19, RSAC'20

Ben Nassi, Adi Shamir, Yuval Elovici.

[web-page] [pre-print] [journal-version]

VICE-Motherboard.png
israel-defense.png
dark-reading.png

Piping botnet-turning green technology into a water disaster

IoT Village @ DEFCON'26

Ben Nassi, Moshe Sror, Ido Lavi, Yair Meidan, Asaf Shabtai, Yuval Elovici

[web-page] [pre-print]

1200px-MIT_Technology_Review_logo.svg.pn
VICE-Motherboard.png
MSSP-Alert-light.png
Talks

Talks & Seminars

2024

RWC'24.  Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.

Seminar @ MIT.  Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras. 

Seminar @ Boston University.  Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.

Seminar @ Northeastern University.  Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras. 

2023

BHEU'23. Indirect Prompt Injection into LLMs using Images and Sounds

SecTor'23. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED. 

DEFCON'31. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED 

BHUSA'23. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED. 

Seminar @ Stanford University. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED

Seminar @ CISPA. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED

Seminar @ Columbia University. When Optical Sensors Meet Low-Power Devices:
Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.

Seminar @ HUJI. When Optical Sensors Meet Low-Power Devices: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.

Seminar @ TAU. When Optical Sensors Meet Low-Power Devices: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.

CyberWeek'23. Security and Safety in the Era of Autonomous Cars. 

2022

Seminar @ CE Club, Technion. Finding Darkness in the Light: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.

BHASIA'22. The Little Seal Bug: Optical Sound Recovery from Lightweight Reflective Objects.

Seminar @ Michigan State University. Towards Electro-optical Sound Eavesdropping

Seminar @ Cornell Tech. Towards Electro-optical Sound Eavesdropping

AI Week'22. Remote Split-second Phantom Attacks on AI of Semi & full Autonomous Cars. 

2021

HITB+CyberWeek 21. Towards Eletro-Optical Sound Eavesdropping.

SecTor'21. Detecting Illicit Drone Filming.

SecTor'21. Ghost Misdetection Attacks Against Tesla Model X & Mobileye 630 PRO.

Car Hacking Village @ DEFCON 29. Remote Adversarial Phantom Attacks on Tesla & Mobileye.

RSAC'21. Securing Tesla & Mobileye from Split-Second Phantom Attacks

BHASIA'21. The Motion Sensor Western: The Good, the Bad, and the Ugly.

2020

CodeBlue'20. Drones Cryptanalysis: Detecting Spying Drones.

CodeBlue'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.

SecTor'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.

BHUSA'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.

CyberTech TLV'20. Phantom of the ADAS

RSAC'20. Air-Gapping Is Overrated: Pressing a Red-Button via a Multifunction Printer.

2019

IoT Village @ DEFCON'26. Attacking Smart Irrigation Systems.

bottom of page