pith. sign in

arxiv: 1907.00479 · v1 · pith:GJFKIDB4new · submitted 2019-06-30 · 💻 cs.CR

("Oops! Had the silly thing in reverse")---Optical injection attacks in through LED status indicators

Joe Loughry This is my paper

Pith reviewed 2026-05-25 12:03 UTC · model grok-4.3

classification 💻 cs.CR
keywords optical injectionLED covert channelmicrocontroller GPIOIoT securitystatus indicator attacksreverse LED photodiode
0
0 comments X

The pith

LED status indicators on microcontrollers can be reversed to inject data into the system.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that front-panel LEDs connected to microcontroller GPIO pins can function in reverse as light sensors, allowing external optical signals to inject information. This turns ordinary status lights into an input channel for attacks. It works as a classical covert channel when the target is already compromised by malware, with experiments confirming practicability at near-megabit speeds using common hardware. The same mechanism hints at possible attacks that need no prior compromise. A reader would care because the vulnerability arises from everyday IoT hardware designs that were not built to block light-based input.

Core claim

LEDs wired directly to GPIO pins on Arduino-type microcontrollers are electrically reversible and can detect incoming light to inject data, establishing a feasible optical covert channel under realistic compromise conditions and suggesting a possible directed-energy variant that requires no malware.

What carries the argument

Reversibility of discrete LEDs on GPIO pins, allowing them to act as photodiodes for input detection when the pin is configured appropriately.

If this is right

  • A covert channel exists that can carry commands or data into the system at bandwidths approaching a megabit per second using only visible light.
  • The attack affects many popular microcontroller families used in IoT devices because of their common GPIO-LED wiring.
  • Under high-security configurations that block malware, a slightly different optical mechanism may still succeed.
  • The vulnerability could not have existed before the combination of cheap microcontrollers, always-on LEDs, and dense GPIO integration.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Designers of future embedded systems may need to add optical isolation or monitoring around status LEDs to prevent reversal.
  • This optical channel could be combined with other physical attacks to target air-gapped or heavily protected devices.
  • Testing more microcontroller families for LED reversibility would map the scope of the exposure.

Load-bearing premise

The target LEDs must be wired directly to GPIO pins on the microcontroller in a configuration that permits reverse current flow and input detection without protective diodes or other circuitry blocking the effect.

What would settle it

Measure whether an illuminated LED on a configured input GPIO pin produces a voltage change large enough to register as a logic transition on a standard microcontroller.

Figures

Figures reproduced from arXiv: 1907.00479 by Joe Loughry.

Figure 1
Figure 1. Figure 1: A collection of light emitting diodes. Not only do some LEDs leak [PITH_FULL_IMAGE:figures/full_fig_p001_1.png] view at source ↗
Figure 3
Figure 3. Figure 3: Reasonable and unreasonable—but sometimes convenient—ways [PITH_FULL_IMAGE:figures/full_fig_p002_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Programmable pull-up and pull-down resistors can be abused by [PITH_FULL_IMAGE:figures/full_fig_p003_4.png] view at source ↗
Figure 6
Figure 6. Figure 6: Notional timing diagram of a representative CPU. Only trivial [PITH_FULL_IMAGE:figures/full_fig_p005_6.png] view at source ↗
Figure 5
Figure 5. Figure 5: Phase II experimental setup (proposed). B. Experimental Design for Phase II [PITH_FULL_IMAGE:figures/full_fig_p005_5.png] view at source ↗
Figure 7
Figure 7. Figure 7: Coroutines on the CPU ensure a stable trigger and reliable detection [PITH_FULL_IMAGE:figures/full_fig_p006_7.png] view at source ↗
read the original abstract

It is possible to attack a computer remotely through the front panel LEDs. Following on previous results that showed information leakage at optical wavelengths, now it seems practicable to inject information into a system as well. It is shown to be definitely feasible under realistic conditions (by infosec standards) of target system compromise; experimental results suggest it further may be possible, through a slightly different mechanism, even under high security conditions that put extremely difficult constraints on the attacker. The problem is of recent origin; it could not have occurred before a confluence of unrelated technological developments made it possible. Arduino-type microcontrollers are involved; this is an Internet of Things (IoT) vulnerability. Unlike some previous findings, the vulnerability here is moderate---at present---because it takes the infosec form of a classical covert channel. However, the architecture of several popular families of microcontrollers suggests that a Rowhammer-like directed energy optical attack that requires no malware might be possible. Phase I experiments yielded surprising and encouraging results; a covert channel is definitely practicable without exotic hardware, bandwidth approaching a Mbit/s, and the majority of discrete LEDs tested were found to be reversible on GPIO pins. Phase II experiments, not yet funded, will try to open the door remotely.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript claims that front-panel LEDs on microcontroller-based systems (e.g., Arduino/IoT devices) can be driven in reverse to enable optical injection of data into GPIO pins, creating a covert channel that is definitely feasible under realistic compromise conditions; Phase I experiments on discrete LEDs reportedly achieved near-Mbit/s bandwidth with most tested LEDs reversible, while Phase II aims at remote attacks without malware via a Rowhammer-like mechanism.

Significance. If the experimental claims are substantiated, the work identifies a novel physical-layer attack vector on embedded systems that exploits bidirectional LED behavior, extending prior optical side-channel leakage results into injection. The absence of machine-checked proofs, reproducible code, or parameter-free derivations means significance rests entirely on the strength of the reported experiments.

major comments (2)
  1. [Abstract] Abstract, Phase I paragraph: the central feasibility claim ('definitely feasible under realistic conditions of target system compromise' and 'majority of discrete LEDs tested were found to be reversible') rests on experimental results described only at summary level, with no methodology details, raw data, error analysis, controls, or statistical support provided to allow evaluation of the reversibility assertion.
  2. [Attack mechanism] Attack mechanism description (implied in the GPIO/LED reversibility claim): the covert-channel injection requires direct pin-to-LED wiring without series resistors, protection diodes, or constant-current drivers that would block reverse current, plus the pin in high-impedance input state; the reported results establish reversibility only on discrete LEDs on test fixtures and do not demonstrate the electrical path on production front-panel LEDs of routers or IoT devices.
minor comments (1)
  1. [Abstract] The manuscript should clarify whether any production devices were tested beyond discrete LEDs and explicitly state the wiring assumptions as a limitation.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their careful review and constructive comments on the manuscript. The feedback correctly identifies areas where the presentation of experimental claims and limitations could be strengthened. We respond to each major comment below.

read point-by-point responses

  1. Referee: [Abstract] Abstract, Phase I paragraph: the central feasibility claim ('definitely feasible under realistic conditions of target system compromise' and 'majority of discrete LEDs tested were found to be reversible') rests on experimental results described only at summary level, with no methodology details, raw data, error analysis, controls, or statistical support provided to allow evaluation of the reversibility assertion.

    Authors: We agree that the abstract presents the Phase I results at a high level without full methodological details. The manuscript text provided is concise by design, but the underlying experiments used direct LED-to-GPIO connections on test fixtures with the pin in high-impedance mode. To allow proper evaluation, we will revise the abstract to include a brief statement of the test conditions (discrete LEDs, direct wiring, optical injection source) and add a pointer to an expanded experimental section containing methodology, controls, and summary statistics. Raw data tables will be included in the revision where space permits. revision: yes

  2. Referee: [Attack mechanism] Attack mechanism description (implied in the GPIO/LED reversibility claim): the covert-channel injection requires direct pin-to-LED wiring without series resistors, protection diodes, or constant-current drivers that would block reverse current, plus the pin in high-impedance input state; the reported results establish reversibility only on discrete LEDs on test fixtures and do not demonstrate the electrical path on production front-panel LEDs of routers or IoT devices.

    Authors: The referee correctly identifies the electrical prerequisites for reverse current flow. Our Phase I results were obtained exclusively with discrete LEDs on laboratory test fixtures under those exact conditions. We acknowledge that this does not constitute a demonstration on the front-panel LEDs of production routers or IoT devices, where series resistors or driver circuitry may be present. In the revised manuscript we will explicitly list these assumptions as limitations and state that the covert-channel feasibility applies to systems whose LEDs are wired directly to GPIO pins without intervening protection. revision: yes

Circularity Check

0 steps flagged

No circularity: experimental demonstration with no derivation chain

full rationale

The paper is an experimental report on LED-based optical injection feasibility. It contains no equations, no parameter fitting, no uniqueness theorems, and no self-citation chains that reduce any claim to its own inputs. Claims rest on direct test results (discrete LEDs on GPIO pins) rather than any self-referential logic or renamed prior results. The central feasibility statement is an empirical observation, not a derived quantity.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No free parameters, axioms, or invented entities are introduced; the contribution is an empirical security demonstration.

pith-pipeline@v0.9.0 · 5746 in / 976 out tokens · 49023 ms · 2026-05-25T12:03:54.550428+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

69 extracted references · 69 canonical work pages · 13 internal anchors

  1. [1]

    F. M. Mims III, Light Emitting Diodes . Indianapolis, Indiana, USA: Howard W. Sams & Co., Inc., 1973

    work page 1973

  2. [2]

    Using LED’s as light detectors,

    F. M. Mimms, “Using LED’s as light detectors,” Popular Electronics, vol. 11, no. 5, pp. 86–88, May 1977

    work page 1977

  3. [3]

    Bidirectional optoisolator puts two LEDs nose to nose,

    F. M. Mims III, “Bidirectional optoisolator puts two LEDs nose to nose,” Electronics, vol. 52, no. 10, p. 127, 10th May 1979

    work page 1979

  4. [4]

    Very low-cost sensing and com- munication using bidirectional LEDs,

    P. Dietz, W. Yerazunis, and D. Leigh, “Very low-cost sensing and com- munication using bidirectional LEDs,” Mitsubishi Electronics Research Laboratories (MERL), 201 Broadway, Cambridge, Massachusetts 02139, USA, Tech. Rep. TR2003-35, July 2003

    work page 2003

  5. [5]

    Single LED takes on both light- emitting and detecting duties,

    R. Stojanovi ´c and D. Karadagli ´c, “Single LED takes on both light- emitting and detecting duties,” Electronic Design, vol. 55, no. 16, pp. 53–54, 18th July 2007, uRL: https://www.electronicdesign.com/lighting/ single-led-takes-both-light-emitting-and-detecting-duties

    work page 2007

  6. [6]

    How to use LEDs to detect light,

    F. M. Mims III, “How to use LEDs to detect light,” Make, vol. 36, p. 136, 8th January 2014

    work page 2014

  7. [7]

    Understanding delay for I/O: Using Arduino functions vs. coding the MCU,

    S. Thornton, “Understanding delay for I/O: Using Arduino functions vs. coding the MCU,” EEworld Online ⟨https: //www.eeworldonline.com/understanding-delay-for-i-o-using-arduino- functions-vs-coding-the-mcu/ ⟩, 4 February 2019

    work page 2019

  8. [8]

    G. B. Stringfellow and M. G. Craford, High Brightness Light Emitting Diodes, ser. Semiconductors and Semimetals. San Diego, California: Academic Press, 1997, vol. 48

    work page 1997

  9. [9]

    Information leakage from optical emanations,

    J. Loughry and D. A. Umphress, “Information leakage from optical emanations,” ACM Transactions on Information and System Security , vol. 5, no. 3, pp. 262–289, August 2002

    work page 2002

  10. [10]

    A note on the confinement problem,

    B. W. Lampson, “A note on the confinement problem,” Comm. ACM , vol. 16, no. 10, pp. 613–615, October 1973

    work page 1973

  11. [11]

    Optical mouse cam,

    J. Domburg, “Optical mouse cam,” http://spritesmods.com/?art= mouseeye, 2006

    work page 2006

  12. [12]

    Is your cat infected with a computer virus?

    M. R. Rieback, B. Crispo, and A. S. Tanenbaum, “Is your cat infected with a computer virus?” in Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM ’06). Washington, DC, USA: IEEE Computer Society, 2006, pp. 169–179

    work page 2006

  13. [13]

    Oops!...I think I scanned a malware

    B. Nassi, A. Shamir, and Y . Elovici, “Oops!. . . I think I scanned a malware,” arXiv:1703.07751v1 [cs.CR], 22nd March 2017

    work page internal anchor Pith review Pith/arXiv arXiv 2017

  14. [14]

    Jennings, The Devouring Fungus: Tales of the Computer Age

    K. Jennings, The Devouring Fungus: Tales of the Computer Age . W. W. Norton and Company, Inc., 1990

    work page 1990

  15. [15]

    Installation of the first production 701,

    D. E. Rosenheim, “Installation of the first production 701,” Annals of the History of Computing , vol. 5, no. 2, pp. 146–147, April–June 1983

    work page 1983

  16. [16]

    Wafer-level chip-scale package (WLCSP) at ON Semiconductor,

    ON Semiconductor, “Wafer-level chip-scale package (WLCSP) at ON Semiconductor,” Fairchild Semiconductor, Application Note 5075/D, October 2018

    work page 2018

  17. [17]

    Micron Technology, IS32 Optic Ram data sheet , Boise, Idaho, USA, May 1984

    work page 1984

  18. [18]

    A low-resolution vision sensor,

    D. G. Whitehead, I. Mitchell, and P. V . Mellor, “A low-resolution vision sensor,” J. Phys. E: Sci. Instrum. , vol. 17, pp. 653–656, 1984

    work page 1984

  19. [19]

    Museum f ¨ur mißbrauchte bauteile,

    H. Kurz, “Museum f ¨ur mißbrauchte bauteile,” Kurzschluss ⟨http://www. kurzschluss.com/kuckuck/kuckuck.html⟩, 1994

    work page 1994

  20. [20]

    Xenon death flash: a free physics lesson,

    L. Upton, “Xenon death flash: a free physics lesson,” Rasp- berry Pi blog ⟨https://www.raspberrypi.org/blog/xenon-death-flash-a- free-physics-lesson/ ⟩, 9 February 2015

    work page 2015

  21. [21]

    ATmega8 data sheet,

    Atmel Corporation, “ATmega8 data sheet,” 2013

    work page 2013

  22. [22]

    ATmega48A/PA/88A/PA/168A/PA/328/P megaA VR® data sheet,

    Microchip Technology, Inc., “ATmega48A/PA/88A/PA/168A/PA/328/P megaA VR® data sheet,” 2018

    work page 2018

  23. [23]

    MediaTek MT7688 datasheet,

    MediaTek, Inc., “MediaTek MT7688 datasheet,” 15th April 2016

    work page 2016

  24. [24]

    Uiga, Optoelectronics

    E. Uiga, Optoelectronics. Englewood Cliffs, New Jersey: Prentice-Hall, 1985

    work page 1985

  25. [25]

    Electromagnetic radiation from video display units: An eavesdropping risk?

    W. van Eck, “Electromagnetic radiation from video display units: An eavesdropping risk?” Computer Security , vol. 4, no. 4, pp. 269–286, December 1985

    work page 1985

  26. [26]

    Wright, Spycatcher: The Candid Autobiography of a Senior Intelli- gence Officer

    P. Wright, Spycatcher: The Candid Autobiography of a Senior Intelli- gence Officer. New York: Viking Press, 1987

    work page 1987

  27. [27]

    The threat of information theft by reception of electromag- netic radiation from RS-232 cables,

    P. Smulders, “The threat of information theft by reception of electromag- netic radiation from RS-232 cables,” Computer Security , vol. 9, no. 1, pp. 53–58, February 1990

    work page 1990

  28. [28]

    Differential power analysis,

    P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology CRYPTO 99 , Santa Barbara, California, 15– 19 August 1999, pp. 388–397

    work page 1999

  29. [29]

    Optical time-domain eavesdropping risks of CRT dis- plays,

    M. G. Kuhn, “Optical time-domain eavesdropping risks of CRT dis- plays,” in Proceedings of the 2002 IEEE Symposium on Security and Privacy. Berkeley, California: IEEE Computer Society, 12–15 May 2002, pp. 3–18

    work page 2002

  30. [30]

    TEMPEST: A signal problem,

    National Security Agency, “TEMPEST: A signal problem,” Cryptologic Spectrum, 1972

    work page 1972

  31. [31]

    LED printers and safe fonts as an effective protection against the formation of unwanted emission,

    I. Kubiak, “LED printers and safe fonts as an effective protection against the formation of unwanted emission,” Turkish Journal of Electrical Engineering and Computer Sciences , vol. 25, no. 5, pp. 4268–4279, 2017

    work page 2017

  32. [32]

    Learning from the enemy: the GUNMAN project,

    S. Maneki, “Learning from the enemy: the GUNMAN project,” United States Cryptologic History Series VI , vol. 13, 8th January 2007

    work page 2007

  33. [33]

    Soft Tempest: Hidden data trans- mission using electromagnetic emanations,

    M. G. Kuhn and R. J. Anderson, “Soft Tempest: Hidden data trans- mission using electromagnetic emanations,” in Second International Workshop on Information Hiding (IH’98) , Portland, Oregon, USA, 15– 17 April 1998, pp. 124–142

    work page 1998

  34. [34]

    RANGEMASTER,

    Advanced Network Technology (ANT) Division, “RANGEMASTER,” National Security Agency, Fort Meade, Maryland, USA, ANT Product Data, 24 July 2008

    work page 2008

  35. [35]

    Exfiltration of information from air-gapped machines using monitor’s LED indicator,

    V . Sepetnitsky, M. Guri, and Y . Elovici, “Exfiltration of information from air-gapped machines using monitor’s LED indicator,” in 2014 IEEE Joint Intelligence and Security Informatics Conference , 2014, pp. 264–7

    work page 2014

  36. [36]

    BitWhisper: Covert Signaling Channel between Air-Gapped Computers using Thermal Manipulations

    M. Guri, M. Monitz, Y . Mirski, and Y . Elovici, “BitWhisper: Covert signaling channel between air-gapped computers using thermal manip- ulations,” arXiv:1503.07919, 26th March 2015

    work page internal anchor Pith review Pith/arXiv arXiv 2015

  37. [37]

    VisiSploit: An Optical Covert-Channel to Leak Data through an Air-Gap

    M. Guri, O. Hasson, G. Kedma, and Y . Elovici, “VisiSploit: An optical covert-channel to leak data through an air-gap,” https://arxiv.org/abs/ 1607.03946, 13 July 2016

    work page internal anchor Pith review Pith/arXiv arXiv 2016

  38. [38]

    USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB

    M. Guri, M. Monitz, and Y . Elovici, “USBee: Air-gap covert-channel via electromagnetic emission from USB,” arXiv preprint arXiv:1608.08397 [cs.CR], 30th August 2016

    work page internal anchor Pith review Pith/arXiv arXiv 2016

  39. [39]

    xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs

    M. Guri, B. Zadov, A. Daidakulov, and Y . Elovici, “xLED: Covert data exfiltration from air-gapped networks via router LEDs,” arXiv preprint 1706.01140 [cs.CR], 4th June 2017

    work page internal anchor Pith review Pith/arXiv arXiv 2017

  40. [40]

    aIR-Jumper: Covert Air-Gap Exfiltration/Infiltration via Security Cameras & Infrared (IR)

    M. Guri, D. Bykhovsky, and Y . Elovici, “aIR-Jumper: Covert air-gap exfiltration/infiltration via security cameras & infrared (IR),” arXiv preprint arXiv:1709.05742 [cs.CR], 18th September 2017

    work page internal anchor Pith review Pith/arXiv arXiv 2017

  41. [41]

    ODINI : Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic Fields

    M. Guri, B. Zadov, A. Daidakulov, and Y . Elovici, “ODINI: Escaping sensitive data from Faraday-caged, air-gapped computers via magnetic fields,” arXiv preprint 1802.02700 [cs.CR], 8th February 2018

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  42. [42]

    MAGNETO: Covert Channel between Air-Gapped Systems and Nearby Smartphones via CPU-Generated Magnetic Fields

    M. Guri, A. Daidakulov, and Y . Elovici, “MAGNETO: Covert channel between air-gapped systems and nearby smartphones via CPU-generated magnetic fields,” Ben-Gurion University of the Negev, Cyber Security Research Center, arXiv preprint 1802.02317 [cs.CR], 7th February 2018

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  43. [43]

    Bridgeware: the air-gap malware,

    M. Guri and Y . Elovici, “Bridgeware: the air-gap malware,” Comm. ACM, vol. 61, no. 4, pp. 74–82, April 2018

    work page 2018

  44. [44]

    PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines

    M. Guri, B. Zadov, D. Bykhovsky, and Y . Elovici, “PowerHammer: Exfiltrating data from air-gapped computers through power lines,” arXiv:1804.04014 [cs.CR], 10th April 2018

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  45. [45]

    BeatCoin: Leaking Private Keys from Air-Gapped Cryptocurrency Wallets

    M. Guri, “BeatCoin: Leaking private keys from air-gapped cryptocur- rency wallets,” arXiv preprint 1804.08714, 23 April 2018

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  46. [46]

    Covert data exfiltration from air-gapped networks via switch and router LEDs,

    M. Guri, B. Zadov, A. Daidakulov, and Y . Elovici, “Covert data exfiltration from air-gapped networks via switch and router LEDs,” in 16th Annual Conference on Privacy, Security and Trust (PST) , Belfast, UK, 28–30 August 2018, pp. 269–274

    work page 2018

  47. [47]

    LCD TEMPEST air-gap attack reloaded,

    M. Guri and M. Monitz, “LCD TEMPEST air-gap attack reloaded,” in 2018 IEEE International Conference on the Science of Electrical Engineering (ICSEE), Eilat, Israel, 12–14 December 2018

    work page 2018

  48. [48]

    LED-it-GO: Leaking (a lot of) data from air-gapped computers via the (small) hard drive LED,

    M. Guri, B. Zadov, E. Arias, and Y . Elovici, “LED-it-GO: Leaking (a lot of) data from air-gapped computers via the (small) hard drive LED,” http: //cyber.bgu.ac.il/advanced-cyber/system/files/LED-it-GO 0.pdf, 2017

    work page 2017

  49. [49]

    Keyboard acoustic emanations,

    D. Asonov and R. Agrawal, “Keyboard acoustic emanations,” in Pro- ceedings of the 2004 IEEE Symposium on Security and Privacy , Oak- land, California, May 9–12, 2004, pp. 3–11

    work page 2004

  50. [50]

    Keyboard acoustic emanations revisited,

    L. Zhuang, F. Zhou, and J. Tygar, “Keyboard acoustic emanations revisited,” in Proceedings of the 12th ACM Conference on Computer and Communications Security , Alexandria, Virginia, November 7–11, 2005, pp. 373–382

    work page 2005

  51. [51]

    Dictionary attacks using keyboard acoustic emanations,

    Y . Berger, A. Wool, and A. Yeredor, “Dictionary attacks using keyboard acoustic emanations,” in CCS’06, Alexandria, Virginia, October 30– November 3, 2006, pp. 245–254

    work page 2006

  52. [52]

    Acoustic side-channel attacks on printers,

    M. Backes, M. D ¨urmuth, S. Gerling, M. Pinkal, and C. Sporleder, “Acoustic side-channel attacks on printers,” in Proceedings of the 19th USENIX Security Symposium , Washington, D.C., August 11–13, 2010

    work page 2010

  53. [53]

    Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels

    D. Genkin, M. Pattani, R. Schuster, and E. Tromer, “Synesthesia: Detect- ing screen content via remote acoustic side channels,” arXiv:1809.02629 [cs.CR], 7th September 2018

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  54. [54]

    The typewriters as the sources of the sensitive acoustic sig- nals,

    I. Kubiak, “The typewriters as the sources of the sensitive acoustic sig- nals,” in 25th International Congress on Sound and Vibration (ICSV25) , Hiroshima, Japan, 8–12 July 2018

    work page 2018

  55. [55]

    Fansmitter: Acoustic Data Exfiltration from (Speakerless) Air-Gapped Computers

    M. Guri, Y . Solewicz, A. Daidakulov, and Y . Elovici, “Fansmitter: Acoustic data exfiltration from (speakerless) air-gapped computers,” arXiv ePrint 1606.05915, 2016

    work page internal anchor Pith review Pith/arXiv arXiv 2016

  56. [56]

    SPEAKE(a)R: Turn speakers to microphones for fun and profit,

    ——, “SPEAKE(a)R: Turn speakers to microphones for fun and profit,” ⟨http://cyber.bgu.ac.il/advanced-cyber/system/files/SPEAKE(a) R.pdf⟩, 2016

    work page 2016

  57. [57]

    HV ACKer: Bridging the air-gap by manipulating the environment temperature,

    Y . Mirsky, M. Guri, and Y . Elovici, “HV ACKer: Bridging the air-gap by manipulating the environment temperature,” Magdeburger Journal zur Sicherheitsforschung, vol. 14, pp. 815–829, September 2017

    work page 2017

  58. [58]

    MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication

    M. Guri, Y . Solwicz, A. Daidakulov, and Y . Elovici, “MOSQUITO: Covert ultrasonic transmissions between two air-gapped computers us- ing speaker-to-speaker communication,” arXiv preprint 1803.03422v1 [cs.CR], 9th March 2018

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  59. [59]

    Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors,

    Y . Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C. Wilkerson, K. Lai, and O. Mutlu, “Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors,” in 41st Inter- national Symposium on Computer Architecture (ISCA’14 , Minneapolis, Minnesota, USA, June 14–18, 2014

    work page 2014

  60. [60]

    Inside the 74181 ALU chip: die photos and reverse engineering,

    K. Shirriff, “Inside the 74181 ALU chip: die photos and reverse engineering,” http://www.righto.com/2017/01/die-photos-and-reverse- engineering.html, January 2017

    work page 2017

  61. [61]

    Fault attacks on secure chips: from glitch to flash,

    S. Skorobogatov, “Fault attacks on secure chips: from glitch to flash,” in Design and Security of Cryptographic Algorithms and Devices (ECRYPT II), Albena, Bulgaria, 29 May–3rd June 2011

    work page 2011

  62. [62]

    Fuzzing,

    I. van Sprundel, “Fuzzing,” in 22nd Chaos Communication Congress (22C3), Berlin, Germany, 27–30 December 2005

    work page 2005

  63. [63]

    Sniffing keystrokes with lasers/voltmeters: Side channel attacks using optical sampling of mechanical energy and power line leakage,

    A. Barisani and D. Bianco, “Sniffing keystrokes with lasers/voltmeters: Side channel attacks using optical sampling of mechanical energy and power line leakage,” in CanSecWest 2009, Vancouver, British Columbia, Canada, March 16–20 2009

    work page 2009

  64. [64]

    Machine learning and statistics: Applications in genomics and computer vision,

    G. Allen, “Machine learning and statistics: Applications in genomics and computer vision,” in AAAS Annual Meeting , Washington, DC, 15 February 2019

    work page 2019

  65. [65]

    AAAS: Machine learning ‘causing science crisis’,

    P. Ghosh, “AAAS: Machine learning ‘causing science crisis’,” BBC News ⟨https://www.bbc.com/news/science-environment-47267081⟩, 16 February 2019

    work page 2019

  66. [66]

    scikit-learn: Machine Learning in Python , INRIA, France, 2019

    work page 2019

  67. [67]

    TensorFlow: A system for large-scale machine learning,

    M. Abadi, P. Barham, J. Chen, Z. Chen, A. Davis, J. Dean, M. Devin, S. Ghemawat, G. Irving, M. Isard, M. Kudlur, J. Levenberg, R. Monga, S. Moore, D. G. Murray, B. Steiner, P. Tucker, V . Vasudevan, P. Warden, M. Wicke, Y . Yu, and X. Zheng, “TensorFlow: A system for large-scale machine learning,” in Proceedings of the 12th USENIX Symposium on Operating S...

    work page 2016

  68. [68]

    Optical TEMPEST,

    J. Loughry, “Optical TEMPEST,” in International Symposium and Exhibition on Electromagnetic Compatibility (EMC Europe 2018) , Am- sterdam, The Netherlands, 27–30 August 2018

    work page 2018

  69. [69]

    C. M. Jones, Duck Dodgers in the 24 1 2 th Century, ser. Merrie Melodies. Warner Bros., 1953

    work page 1953