_edited.jpg)
Ben Nassi
Faculty member, ECE, Tel Aviv University
Electrical Engineering, 145, Tel Aviv University (Maps)
Tel Aviv, Israel
Whoami. I am a Black Hat board member (Asia & Europe) and a faculty member at the School of Electrical and Computer Engineering at Tel Aviv University, where I lead the AdMin (Adversarial Minds) research group. Before I was a research fellow at the Faculty of Electrical and Computer Engineering at the Technion, did a postdoc at Cornell Tech (hosted by Tom Ristenpart), and a PhD at Ben-Gurion University of the Negev (supervised by Yuval Elovici).​
​​​​​​
Research Interests. Today, I primarily research the security and privacy of LLM-powered Applications (AI security). Before, I researched various topics, including the security and privacy of drones and Teslas, side-channel attacks for cryptanalysis, side-channel attacks for speech eavesdropping, and the security of object detectors.​
​
I am currently looking for excellent PhD and MSc students with an interest in AI and security to join my group at Tel-Aviv University. If you have the desire to lead the field of AI Security and work on high-profile/impact research in security and privacy, send me an email.
​​
Publications & Press. My papers were published at top academic security conferences, including S&P (6), CCS(4), USENIX Security (1), and top industrial security conferences, including BlackHat (7), DEFCON (4),
and RSAC (2). My work has been frequently featured in Wired [1,2,3,4,5] Forbes [1,2,3], ArsTechnica, [1,2,3,4], The Wall Street Journal [1], DeepLearning.AI [1], MIT Technology Review [1], Fox News [1,2], The Mirror [1], Business Insider [1], Schneier on Security [1,2,3,4,5,6], Computerphile [1], and Two Minute Paper [1]. One of my papers received the 2023 Pwnie Award for the Best Crypto Attack.
AdMin (Adversarial Minds) Research Group
Academic Publications
BHUSA'25, DEFCON33, SecTor'25, CodeBlue'25
Ben Nassi, Stav Cohen, Or Yair
_svg.png){kind=logo}
CCS'25
Stav Cohen, Ron Bitton, Ben Nassi
2024
Stav Cohen, Ron Bitton, Ben Nassi
Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device's Power LED
SP'24, BHUSA'23, DEFCON-31, SecTor'23, RWC'24
Ben Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, Yuval Elovici
Pwnie Award for the Best Cryptographic Attack 23
Tim Höttges Award in Cybersecurity Research
Private Hierarchical Governance for Encrypted Messaging
SP'24
Armin Namavari, Barry Wang, Sanketh Menda, Ben Nassi, Nirvan Tyagi, James Grimmelmann, Amy Zhang, Thomas Ristenpart
Injection Attacks Against End-to-End Encrypted Applications
SP'24
A Fábrega, CO Pérez, A Namavari, B Nassi, R Agarwal, T Ristenpart
2023
Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations
CCS'23
Ben Nassi, Ofek Vayner, Etay Iluz, Dudi Nassi, Jan Jancar, Daniel Genkin, Eran Tromer, Boris Zadov, Yuval Elovici
Tim Höttges Award in Cybersecurity Research
Protecting Autonomous Cars from Phantom Attacks
Communications of the ACM
Ben Nassi, Yisroel Mirsky, Jacob Shams, Raz Ben-Netanel, Dudi Nassi, Yuval Elovici
The Adversarial Implications of Variable-Time Inference
AISEC'23
Dudi Biton, Aditi Misra, Efrat Levy, Jaidip Kotak, Ron Bitton, Roei Schuster, Nicolas Papernot, Yuval Elovici, Ben Nassi
The Little Seal Bug: Optical Sound Recovery from Lightweight Reflective Objects
WOOT'23, BlackHat Asia'22
Ben Nassi, Raz Swissa, Jacob Shams, Boris Zadov, Yuval Elovici
(Ab) Using images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs
BHEU'23
E Bagdasaryan, TY Hsieh, B Nassi, V Shmatikov
2022
Lamphone - Real-Time Passive Sound Recovery from Light Bulb Vibrations
USENIX Sec'22, BlackHat USA 2020, SecTor'20, CodeBlue'20
Ben Nassi, Yaron Pirotin, Adi Shamir, Yuval Elovici, Boris Zadov
CSAW'19 Runner Up
Runner up Pwnie Award for Most Innovative Research
Runner up Pwnie Award for Most Epic Achievement
[web-page] [pre-print] [conference-version]
_svg.png){kind=logo}
bAdvertisement: Attacking Advanced Driver-Assistance Systems Using Print Advertisements
EuroS&P Workshops 2022
Ben Nassi, Jacob Shams, Raz Ben-Netanel, Yuval Elovici
Optical Speech Recovery From Desktop Speakers
IEEE Computer
Ben Nassi, Yaron Pirutin, Jacob Shams, Raz Swissa, Yuval Elovici, Boris Zadov
Seeds Don't Lie: An Adaptive Watermarking Framework for Computer Vision Models
Jacob Shams, Ben Nassi, Ikuya Morikawa, Toshiya Shimizu, Asaf Shabtai, Yuval Elovici
2021
Glowworm Attack: Optical TEMPEST Sound Recovery via a Device’s Power
Indicator LED
CCS'21, HITB+CyberWeek'21
Ben Nassi, Yaron Pirotin, Yuval Elovici, Boris Zadov
_svg.png){kind=logo}
SoK - Security and Privacy in the Age of Drones
SP'21
Ben Nassi, Asaf Shabtai, Ryusuke Masuoka, Yuval Elovici.
SP Magazine
Raz Ben-Netanel, Ben Nassi, Adi Shamir, Yuval Elovici.
Spoofing Mobileye 630’s Video Camera Using a Projector
AutoSec'21
Ben Nassi, Dudi Nassi, Raz Ben Netanel and Yuval Elovici
Game of Drones - Detecting Spying Drones Using Time Domain Analysis
CSCML'21
Raz Ben-Netanel, Ben Nassi, Adi Shamir, Yuval Elovici
2020
Phantom of the ADAS - Securing Advanced Driver-Assistance Systems from
Split-Second Phantom Attacks
CCS'20, RSAC 2021, SecTor'21, Car Hacking Village @ DEFCON'29, CyberTech'20
Ben Nassi, Dudi Nassi, Raz Ben-Netanel, Yisroel Morsky, Oleg Drokin, Yuval Elovici.
AutoSec'21 Best Demo Award Winner
CSAW'20 Runner Up
_svg.png){kind=logo}
2019
Drones’ Cryptanalysis - Smashing Cryptography with a Flicker
SP'19, RSAC APJ'19, SecTor'21
Ben Nassi, Raz Ben-Netanel, Adi Shamir, Yuval Elovici.
CSAW'19 Runner Up
TIFS'19, RSAC'20
Ben Nassi, Adi Shamir, Yuval Elovici.
Piping botnet-turning green technology into a water disaster
IoT Village @ DEFCON'26
Ben Nassi, Moshe Sror, Ido Lavi, Yair Meidan, Asaf Shabtai, Yuval Elovici
2018
Handwritten Signature Verification Using Wrist-Worn Devices
Alona Levy, Ben Nassi, Yuval Elovici, Erez Shmueli.
Talks & Seminars
2025
DEFCON'33. Invitation is All You Need!
BHUSA'25. Invitation is All You Need!
Seminar @ Stanford University. From Prompt Injection to Promptware.
AI Agent Security Summit. From Prompt Injection to Promptware
Seminar @ Tel Aviv University From Prompt Injection to Promptware
2024
RWC'24. Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.
Seminar @ MIT. Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.
Seminar @ Boston University. Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.
Seminar @ Northeastern University. Extracting Secret Keys from a Device’s Power LED using COTS Video Cameras.
2023
BHEU'23. Indirect Prompt Injection into LLMs using Images and Sounds.
Seminar @ Stanford University. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED
Seminar @ CISPA. Video-Based Cryptanalysis: Recovering Cryptographic Keys from Non-compromised Devices Using Video Footage of a Device’s Power LED
Seminar @ Columbia University. When Optical Sensors Meet Low-Power Devices:
Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.
Seminar @ HUJI. When Optical Sensors Meet Low-Power Devices: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.
Seminar @ TAU. When Optical Sensors Meet Low-Power Devices: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.
CyberWeek'23. Security and Safety in the Era of Autonomous Cars.
2022
Seminar @ CE Club, Technion. Finding Darkness in the Light: Recovering Speech and Cryptographic Keys from Light Emitted from Power LEDs and Light Bulbs.
BHASIA'22. The Little Seal Bug: Optical Sound Recovery from Lightweight Reflective Objects.
Seminar @ Michigan State University. Towards Electro-optical Sound Eavesdropping
Seminar @ Cornell Tech. Towards Electro-optical Sound Eavesdropping
AI Week'22. Remote Split-second Phantom Attacks on AI of Semi & full Autonomous Cars.
2021
HITB+CyberWeek 21. Towards Eletro-Optical Sound Eavesdropping.
SecTor'21. Detecting Illicit Drone Filming.
SecTor'21. Ghost Misdetection Attacks Against Tesla Model X & Mobileye 630 PRO.
Car Hacking Village @ DEFCON 29. Remote Adversarial Phantom Attacks on Tesla & Mobileye.
RSAC'21. Securing Tesla & Mobileye from Split-Second Phantom Attacks
BHASIA'21. The Motion Sensor Western: The Good, the Bad, and the Ugly.
2020
CodeBlue'20. Drones Cryptanalysis: Detecting Spying Drones.
CodeBlue'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.
SecTor'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.
BHUSA'20. Lamphone: Real-Time Passive Sound Recovery from Vibration of a Hanging Light Bulb.
CyberTech TLV'20. Phantom of the ADAS
RSAC'20. Air-Gapping Is Overrated: Pressing a Red-Button via a Multifunction Printer.
2019
IoT Village @ DEFCON'26. Attacking Smart Irrigation Systems.