Counterfactual quantum key distribution protocols allow two sides to establish a common secret key using an insecure channel and authenticated public communication. As opposed to many other quantum key distribution protocols, part of the quantum state used to establish each bit never leaves the transmitting side, which hinders some attacks. We show how to adapt detector blinding attacks to this setting. In blinding attacks, gated avalanche photodiode detectors are disabled or forced to activate using bright light pulses. We present two attacks that use this ability to compromise the security of counterfactual quantum key distribution. The first is a general attack but technologically demanding (the attacker must be able to reduce the channel loss by half).
The second attack could be deployed with easily accessible technology and works for implementations where single photon sources are approximated by attenuated coherent states. The attack is a combination of a photon number splitting attack and the first blinding attack which could be deployed with easily accessible technology. The proposed attacks show counterfactual quantum key distribution is vulnerable to detector blinding and that experimental implementations should include explicit countermeasures against it.