Positive Technologies in partnership with QBoard, QApp, and the Russian Quantum Center highlights the top cybersecurity threats to quantum technologies. Information theft, software vulnerabilities, and attacks targeting the quantum internet are the most concerning areas.
The study identifies five key vulnerabilities, with the first four targeting quantum computers specifically and the final one impacting quantum communication channels:
- Physical threats related to the instability and sensitivity of qubits (quantum bits). Experts believe that attackers can carry out denial-of-service (DoS) attacks: for example, by heating up quantum computers and causing interference to corrupt data. At present, such attacks are possible because the equipment is highly sensitive to the external environment, which may allow attackers to cause equipment malfunction.
- Theft of confidential information. Experts predict that the stolen results of quantum computing will be highly valued by attackers, as the quantum systems and the calculations based on them are very expensive.
- Vulnerabilities in software designed for quantum computing will also pose a serious threat. They have already been found in some underlying solutions. For example, two high-severity vulnerabilities have been discovered in the NVIDIA cuQuantum Appliance: CVE-2023-36632 and CVE-2018-20225. Another high-severity vulnerability was found in the Quantum Development Kit library for Visual Studio Code: CVE-2021-27082. In the future, the exploitation of quantum software vulnerabilities could lead to leakage of sensitive information, hijacking of hardware resources, and disabling equipment.
- Threat to cloud computing. The development of cloud-based quantum solutions is likely to encourage attackers to actively search for vulnerabilities in solutions of various vendors and attack IT companies that provide quantum-based services. Typical cyber threats here include improper configuration of cloud services, vulnerabilities in cloud services, insecure data storage, insecure data processing by service providers, and denial-of-service attacks. These issues also pose a threat to Quantum Computing-as-a-Service (QCaaS) infrastructures.
- Attacks against the quantum internet. Attacks against the quantum internet pursue goals similar to those of attacks on conventional networks: stealing information, disrupting the integrity or availability of quantum nodes or quantum networks, and hijacking quantum connections or computational resources.
“The emergence of a truly powerful quantum computer, capable of solving mathematical problems that are unsolvable today, will take the race between the tech giants to a new level. Computation results will become more valuable to competitors and hackers alike. And safeguarding the results of quantum computing will be a major function of cybersecurity,” comments Ekaterina Snegireva, Senior Analyst at Positive Technologies. “The usual race between cyberattackers and defenders will also move to a new level with the advent of quantum computers.”
According to the experts, the threats to post-quantum cryptography are no less significant. As noted in the study, the “store now, decrypt later” tactic will allow attackers to decrypt the stolen data in the future, using a more powerful quantum computer. As a result, a lot of sensitive data is already at risk. Some companies are starting to implement the post-quantum cryptography methods to protect themselves.