Faking photon number on a transition-edge sensor

We study potential security vulnerabilities of a single-photon detector based on superconducting transition-edge sensor. In a simple experiment, we show that an adversary could fake a photon number result at a certain wavelength by sending a larger number of photons at a longer wavelength. In another experiment, we show that the detector can be blinded by bright continuous-wave light and then, a controlled response simulating single-photon detection can be produced by applying a bright light pulse. We model an intercept-and-resend attack on a quantum key distribution system that exploits the latter vulnerability and, under certain assumptions, succeeds to steal the key.