InfoSecBulletin Cybersecurity for mankind
“At the upcoming Black Hat cybersecurity conference in Las Vegas, Sam Beaumont and Larry ‘Patch’ Trowell from NetSPI, a security firm, will showcase their new laser hacking device, the RayV Lite.
They intend to release the design and component list of their tool as open source, enabling anyone to access laser-based techniques for reverse engineering chips, exploiting vulnerabilities, and uncovering secrets. These methods were historically limited to researchers affiliated with well-funded companies, academic labs, and government agencies.”
16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
CISA warns of increasing risk tied to Oracle legacy Cloud leak
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
Apple released emergency security updates for 2 zero-day vulns
Oracle Released Patched for 378 flaws for April 2025
CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild
Bengaluru firm got ransomware attack, Hacker demanded $70,000
MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today
PwC exits more than a dozen countries in push to avoid scandals: FT reports
Advanced tools for using light for hacking, like the Riscure Laser Station, usually cost around $150,000, and even cheaper versions are close to $10,000. However, Beaumont and Trowell managed to build their own for less than $500 using 3D printing and affordable parts.
The creators aim to show that laser-based hacking techniques are more accessible than many hardware designers think. They want to make it clear that these methods are now more affordable and practical. They hope to give DIY hackers and researchers a new tool while also pushing hardware manufacturers to improve their product’s security against this type of hacking.
The RayV Lite was created by Beaumont and Trowell with a focus on two laser hacking methods. One method, called laser fault injection (LFI), involves using a short burst of light to disrupt the charges of a processor’s transistors. This can cause the bits to change from 1 to 0 or vice versa. By carefully triggering these bit flips, more significant effects can occur. For example, Beaumont tested an automotive chip and discovered that glitching the chip with a laser at a specific moment can bypass a security check that protects the chip’s firmware. This leaves the chip vulnerable and allows her to scan its code for potential weaknesses.
Cryptocurrency wallets can also be vulnerable to LFI, which involves glitching the chip when it asks for a PIN to unlock the cryptographic key and access the owner’s funds. “You take the chip off the crypto wallet, hit it with a laser at the right time, and it will just assume you have the PIN,” says Trowel. “It just jumps through the instructions and gives the key back.”
Laser logic state imaging is a hacking technique that involves using a laser to surveil a chip’s architecture and activity in real time. By bouncing laser light off the chip and analyzing the results, hackers can map out the physical layout of the processor and access sensitive data that the chip is handling. This technique often involves the use of machine learning tools. Full report here.
Source: :Wired
