Ben Nassi
Towards an End-to-End (E2E) Adversarial Learning and Application in the Physical World
The traditional process for learning patch-based adversarial attacks, conducted in the digital domain and later applied in the physical domain (e.g., via printed stickers), may suffer reduced performance due to adversarial patches’ limited…
Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous
The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware - maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of these applications. While prior re…
PaniCar: Securing the Perception of Advanced Driving Assistance Systems Against Emergency Vehicle Lighting
The safety of autonomous cars has come under scrutiny in recent years, especially after 16 documented incidents involving Teslas (with autopilot engaged) crashing into parked emergency vehicles (police cars, ambulances, and firetrucks). Wh…
A Privacy Enhancing Technique to Evade Detection by Street Video Cameras Without Using Adversarial Accessories
In this paper, we propose a privacy-enhancing technique leveraging an inherent property of automatic pedestrian detection algorithms, namely, that the training of deep neural network (DNN) based methods is generally performed using curated…
Towards an End-to-End (E2E) Adversarial Learning and Application in the Physical World
The traditional learning process of patch-based adversarial attacks, conducted in the digital domain and then applied in the physical domain (e.g., via printed stickers), may suffer from reduced performance due to adversarial patches' limi…
Injection Attacks Against End-to-End Encrypted Applications
We explore an emerging threat model for end-to-end (E2E) encrypted applications: an adversary sends chosen messages to a target client, thereby "injecting" adversarial content into the application state. Such state is subsequently encrypte…
Unleashing Worms and Extracting Data: Escalating the Outcome of Attacks against RAG-based Inference in Scale and Severity Using Jailbreaking
In this paper, we show that with the ability to jailbreak a GenAI model, attackers can escalate the outcome of attacks against RAG-based GenAI-powered applications in severity and scale. In the first part of the paper, we show that attacke…
Exploiting Leakage in Password Managers via Injection Attacks
This work explores injection attacks against password managers. In this setting, the adversary (only) controls their own application client, which they use to "inject" chosen payloads to a victim's client via, for example, sharing credenti…
A Jailbroken GenAI Model Can Cause Substantial Harm: GenAI-powered Applications are Vulnerable to PromptWares
In this paper we argue that a jailbroken GenAI model can cause substantial harm to GenAI-powered applications and facilitate PromptWare, a new type of attack that flips the GenAI model's behavior from serving an application to attacking it…
Private Hierarchical Governance for Encrypted Messaging
The increasing harms caused by hate, harassment, and other forms of abuse online have motivated major platforms to explore hierarchical governance. The idea is to allow communities to have designated members take on moderation and leade…
Here Comes The AI Worm: Unleashing Zero-click Worms that Target GenAI-Powered Applications
In this paper, we show that when the communication between GenAI-powered applications relies on RAG-based inference, an attacker can initiate a computer worm-like chain reaction that we call Morris-II. This is done by crafting an adversari…
The Adversarial Implications of Variable-Time Inference
Machine learning (ML) models are known to be vulnerable to a number of attacks that target the integrity of their predictions or the privacy of their training data. To carry out these attacks, a black-box adversary must typically possess t…
Abusing Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs
We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recordin…
Protecting Autonomous Cars from Phantom Attacks
Enabling object detectors to better distinguish between real and fake objects in semi-autonomous and fully autonomous vehicles.
Seeds Don't Lie: An Adaptive Watermarking Framework for Computer Vision Models
In recent years, various watermarking methods were suggested to detect computer vision models obtained illegitimately from their owners, however they fail to demonstrate satisfactory robustness against model extraction attacks. In this pap…
EyeDAS: Securing Perception of Autonomous Cars Against the Stereoblindness Syndrome
The ability to detect whether an object is a 2D or 3D object is extremely important in autonomous driving, since a detection error can have life-threatening consequences, endangering the safety of the driver, passengers, pedestrians, and o…
Virtual Breathalyzer: Towards the Detection of Intoxication Using Motion Sensors of Commercial Wearable Devices
Driving under the influence of alcohol is a widespread phenomenon in the US where it is considered a major cause of fatal accidents. In this research, we present Virtual Breathalyzer, a novel approach for detecting intoxication from the me…
Towards the Detection of GPS Spoofing Attacks against Drones by Analyzing Camera’s Video Stream
A Global Positioning System (GPS) spoofing attack can be launched against any commercial GPS sensor in order to interfere with its navigation capabilities. These sensors are installed in a variety of devices and vehicles (e.g., cars, plane…
bAdvertisement: Attacking Advanced Driver-Assistance Systems Using Print Advertisements
In this paper, we present bAdvertisement, a novel attack method against advanced driver-assistance systems (ADASs). bAdvertisement is performed as a supply chain attack via a compromised computer in a printing house, by embedding a "phanto…
VISAS -- Detecting GPS spoofing attacks against drones by analyzing camera's video stream
In this study, we propose an innovative method for the real-time detection of GPS spoofing attacks targeting drones, based on the video stream captured by a drone's camera. The proposed method collects frames from the video stream and thei…
VISAS - Detecting GPS spoofing attacks against drones by analyzing camera's video stream
In this study, we propose an innovative method for the real-time detection of GPS spoofing attacks targeting drones, based on the video stream captured by a drone's camera. The proposed method collects frames from the video stream and their…
Demo: Attacking Tesla Model X’s Autopilot Using Compromised Advertisement
In this demo, we demonstrate how attackers can remotely apply split-second phantom attacks by embedding phantom road signs into an advertisement presented on an Internet connected digital billboard which causes Tesla's autopilot to suddenl…
Spoofing Mobileye 630’s Video Camera Using a Projector
Video Demonstration -
MobilBye: Attacking ADAS with Camera Spoofing
Advanced driver assistance systems (ADASs) were developed to reduce the number of car accidents by issuing driver alerts or controlling the vehicle. In this paper, we tested the robustness of Mobileye, a popular external ADAS. We injected s…
Drones' Cryptanalysis - Smashing Cryptography with a Flicker
In an "open skies" era in which drones fly among us, a new question arises: how can we tell whether a passing drone is being used by its operator for a legitimate purpose (e.g., delivering pizza) or an illegitimate purpose (e.g., taking a …
SoK - Security and Privacy in the Age of Drones: Threats, Challenges, Solution Mechanisms, and Scientific Gaps
The evolution of drone technology in the past nine years since the first commercial drone was introduced at CES 2010 has caused many individuals and businesses to adopt drones for various purposes. We are currently living in an era in whic…