An innovation developed by NetSPI’s Hardware Security Group

A New Frontier in Hardware Security 

Modern systems rely heavily on increasingly complex hardware, but for many organizations, hardware and embedded systems security remains vastly underexplored. RayV Lite, developed by NetSPI’s Hardware & Integrated Systems Security Researchers, challenges that norm. It’s an open-source, low-cost, home-built laser fault injection platform that makes sophisticated hardware hacking more accessible than ever before. 

Last year, we unveiled RayV Lite at Black Hat 2024 and recently shared its evolution at BSides Seattle and BSides Tokyo. Our goal? To shift the conversation around physical-layer security from hypothetical to practical and share our learnings on how to perform this type of testing with the broader industry.

Pictured: Sam Beaumont (left) and Larry Trowell (right)

Why it Matters: Bridging the Gap in Hardware Security Research

For years, light-based attacks were considered too expensive, complex, or niche. They were classified as the kind of threat only a nation-state could afford. But that assumption no longer holds. Laser fault injection, once reserved for high-budget labs, is now accessible to curious minds, hackers, students, tinkerers, and dedicated engineers alike.

Read the article: WIRED: A $500 Open-Source Tool Lets Anyone Hack Computer Chips With Lasers

By bringing the cost and complexity of laser-based fault injection down, RayV Lite provides:

  • A tangible proof-of-concept for executives managing risk in hardware-based products
  • A hands-on tool to support real-world adversarial modelling and training
  • A practical reason to reassess hardware threat models in everything from consumer electronics to automotive systems

Historically, laser-based chip hacking techniques have been confined to well-funded companies, academic labs, and government agencies. (The same was true of fault injection in general until Colin O’Flynn created the ChipWhisperer back in 2014.)

What We Built: RayV Lite

In a remarkably similar vein, we developed the RayV Lite to address the lack of training and testing in this area. We created this homegrown, open-source tool to democratize access to advanced hardware security research, empowering individuals and showing organizations that this is a realistic attack vector that needs to be defended against.

Pictured: RayV Lite Generation 1 – NetSPI Special Edition

RayV Lite combines:

  • Affordable, commercially available lasers (even humble green laser pointers)
  • A 3D-printed microscope from the OpenFlexure project
  • Carefully synchronized timing logic to deliver targeted, chip-level laser fault injections

This setup enables researchers to identify real vulnerabilities in embedded hardware by inducing glitches at precise moments, mimicking the strategies of a resourceful attacker.

Why Is This a Game Changer?

  • Open-source and replicable: RayV Lite is built on open-source foundations, encouraging collaboration and further innovation.
  • Field-tested: It has already been used in live client assessments to explore real vulnerabilities, including supply chain security and silicon package review.
  • Realistic threat modelling: It demonstrates that hardware attacks can be low-cost, low-barrier, and high-impact, thus making them essential to consider in product security strategies.

Pictured: Rough Stitched Silicon Image from RayV

How did we achieve this? RayV Lite takes advantage of a little-known fact: many inexpensive laser pointers emit more infrared light than visible light. That infrared light can penetrate silicon and reach the transistor layer in a chip, where it causes a controlled disruption via a phenomenon called the photoelectric effect.

We proved that even with drastically less power than a commercial laser system, a well-aimed, timed laser pulse can induce a reliable fault. This means an attack once thought to require military-grade or nation-state-funded gear can now be reproduced in a simple home environment, allowing both imaging and fault injection of silicon.

Observed fault behaviors included bit-flips in control registers, skipped instructions in boot sequences, and changes in memory I/O during clocked operations. These effects were consistent with induced charge during instruction fetches and aligned with known fault injection models. Repeatability was statistically measurable when timing was controlled.
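For firmware teams reassessing their threat model, the two fault classes named above (a bit-flip in a stored control value, a skipped instruction in a boot check) can be detected in software. The following C sketch is an added example, not code from RayV Lite or NetSPI; the type, function names, and constants are hypothetical, and the flipped bit is simulated in software.

```c
#include <stdbool.h>
#include <stdint.h>

/* Multi-bit result codes: any two differ in more than one bit, so a single
 * induced bit-flip cannot turn one result into another. */
#define BOOT_OK    0x3CA5965Au
#define BOOT_FAIL  0xC35A69A5u  /* value is intact but not the expected one */
#define BOOT_FAULT 0x5AA5C33Cu  /* redundancy broken: treat as tampering */

/* Security setting kept next to its bitwise complement (hypothetical type). */
typedef struct { uint32_t value; uint32_t inverse; } guarded_u32;

static guarded_u32 guarded_set(uint32_t v) {
    guarded_u32 g = { v, ~v };
    return g;
}

/* Reads the setting; returns false when the two words no longer complement. */
static bool guarded_get(const volatile guarded_u32 *g, uint32_t *out) {
    uint32_t v = g->value, i = g->inverse;
    if ((v ^ i) != 0xFFFFFFFFu) return false;
    *out = v;
    return true;
}

/* Checks the setting twice and counts completed steps, so a single skipped
 * comparison is caught by the second check or by the step counter. */
static uint32_t verify_boot(const volatile guarded_u32 *cfg, uint32_t expected) {
    volatile uint32_t steps = 0;
    uint32_t a = 0, b = 0;
    if (!guarded_get(cfg, &a)) return BOOT_FAULT;
    steps += 1;
    if (a != expected) return BOOT_FAIL;
    steps += 2;
    if (!guarded_get(cfg, &b)) return BOOT_FAULT;   /* independent re-read */
    steps += 4;
    if (b != expected) return BOOT_FAULT;           /* changed between reads */
    steps += 8;
    return (steps == 15u) ? BOOT_OK : BOOT_FAULT;
}

int main(void) {
    guarded_u32 lock = guarded_set(0x1u);   /* constructed sample setting */
    lock.value ^= (1u << 7);                /* simulate one flipped bit */
    return verify_boot(&lock, 0x1u) == BOOT_FAULT ? 0 : 1;
}
```

On real hardware the compiler can merge redundant checks, so the generated assembly should be inspected to confirm that both reads and the counter survive optimization.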

Looking Ahead

RayV Lite isn’t just about research. It’s about leveling the playing field. By making laser fault injection more approachable, we hope to: 

  • Encourage broader participation in hardware security testing 
  • Support education, training, and security hardware development 
  • Inspire other low-cost innovations that push our field forward 

This tool is just one part of our broader mission to bring real-world practicality into advanced security disciplines. 

Learn More

RayV Lite is a clear example of how innovation at the edges can reshape the security landscape. It represents a significant step forward in our attempt to bring hardware security research to the masses, providing a valuable learning tool for researchers, hobbyists, and professionals interested in laser fault injection and other optical-based security techniques on silicon, such as Infra-Red, In-Situ (IRIS) and Laser Logic State Imaging (LLSI).

As the cybersecurity landscape continues to evolve, collaborative efforts like this will be crucial in ensuring the safety of all types of systems. Stay tuned for more on RayV Lite’s journey!