Hacking energy-time entanglement-based systems with classical light

Photonic systems based on energy-time entanglement have been proposed to test local realism using the Bell inequality. A violation of this inequality normally also certifies security of device-independent quantum key distribution, so that an attacker cannot eavesdrop or control the system. Here, we show how this security test can be circumvented in energy-time entangled systems when using standard avalanche photodetectors, allowing an attacker to compromise the system without leaving a trace. With tailored pulses of classical light we reach Bell values up to 3.63 at 97.6% detector efficiency which is an extreme violation. This is the first demonstration of a violation-faking source that both gives tunable violation and high detector efficiency. The implications are severe: the standard Clauser-Horne-Shimony-Holt inequality cannot be used to show device-independent security for standard postselecting energy-time entanglement setups. We conclude with suggestions of improved tests and experimental setups that can re-establish device-independent security.