In recent years, several hacking attacks have broken the security of quantum
cryptography implementations by exploiting the presence of losses and the
ability of the eavesdropper to tune detection efficiencies. We present a simple
attack of this form that applies to any protocol in which the key is
constructed from the results of untrusted measurements performed on particles
coming from an insecure source or channel. Because of its generality, the
attack applies to a large class of protocols, from standard prepare-and-measure
to device-independent schemes. Our attack gives bounds on the critical
detection efficiencies necessary for secure quantum distribution, which show
that the implementation of most partly device independent solutions is, from
the point of view of detection efficiency, almost as demanding as fully
device-independent ones. We also show how our attack implies the existence of a
form of bound randomness, namely non-local correlations in which a
non-signalling eavesdropper can find out a posteriori the result of any
implemented measurement.Comment: 5 pages. v2: new title, published versio
