Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target

  /     /     /  
Publicated : 23/11/2024   Category : security


Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target


At Black Hat USA, researchers from Bitdefender and Transilvania Quantum will showcase how attackers can target quantum-based infrastructure.



The longstanding and prevailing concern about quantum computing among cybersecurity experts is that these systems will ultimately achieve enough processing power to break classic RSA encryption. While that prospect famously came to light three decades ago with
Shors algorithm
, it still overshadows the overlooked risk that todays quantum computers are not just potential platforms for attack but are also vulnerable as targets.  
A pair of researchers believe that the focus on the need for strong 
post-quantum cryptography (PQC)
, while a critical issue, shouldn’t eclipse the risk that quantum computing systems themselves face from cyberattacks. At next months
Black Hat USA 2024
conference in Las Vegas, Adrian Colesa, a senior security researcher at Bitdefender, and software engineer Sorin Bolos, co-founder of Transilvania Quantum, will discuss the risks and the real-world implications of quantum vulnerability. 
Bolos and Colesa will present the findings of a white paper in their
session,
entitled “From Weapon to Target: Quantum Computers Paradox,” on Thursday, Aug. 8.  
Most of the time, when people think about quantum computers and security together, they think about Shors algorithm and the fact that if you have a good enough quantum computer, you can use Shors algorithm to factor numbers and break cryptography, Bolos says. But we turned that on its head and said: How about quantum computers themselves? How secure are they? You would you attack them? 
As a startup company based in Romania that created the open source quantum computing platform Uranium for
prototyping quantum algorithms
, Bolos decided that he wanted Transilvania Quantum to research the security risks of
quantum computing infrastructure
. Because we only had expertise in quantum and not in cybersecurity, we turned to Bitdefender, he says.  
Last October, the two researchers began utilizing their complementary cybersecurity and quantum computing expertise, respectively. Transilvania focused on attacking quantum computers, notably those provided by IBM and IonQ, and quantum software development kits such as Qiskit.  
As a provider of endpoint protection, and cloud and managed cybersecurity tools, Bitdefender had some expertise in quantum concerning PQC, Transilvanias focus.  
The Bitdefender team investigated classical attack vectors, for instance, attacking the system of an end user or that the quantum development software could be corrupted by an attacker, and then looked at how cloud services, which provide access to quantum computers, could be attacked, Colesa explains. 
Bolos says they investigated the imperfections of quantum bits, or qubits, the quantum computing equivalent of bits in classic computing environments. Their research examined the potential for unwanted interactions, susceptibility to prompt injections, and other attack surfaces prevalent in traditional computing environments. 
We adapted the attacks for the quantum world and did our experiments, Bolos says.  
According to Bolos, organizations using quantum computing capability currently access it through quantum service providers, which he says are integrated platforms hosted in cloud services such as Microsoft Azure or Amazon Web Services, or by companies that host their own quantum clouds.  
In recent years, organizations with deep pockets have begun conducting research on how quantum computing can help them process complex computational workloads beyond the capabilities of even the most powerful classic systems.  
Among them are those in drug discovery and medical research, such as Amgen,
Cleveland Clinic
, Merck, and Johnson & Johnson. Also, most of the worlds largest financial services providers, including Bank of America, JP Morgan Chase, and Wells Fargo, have established research initiatives aimed at creating financial models not achievable with classic computing technologies. All of these could present rich targets for cybercriminals.  
Yet the two researchers indicate that because organizations like these are looking to beat their competitors with new breakthroughs, such as drug discoveries or financial models, security often becomes an afterthought.  
Colesa says they split the research into four ways an attacker could target a quantum computer: 
Attacks on quantum computers launched from classic systems; 
Attacks that manipulate the qubits quantum processing unit (QPU); 
Using quantum components to attack a QPU; 
And attacks on RSA-encrypted data.  
Many of the vulnerabilities they found in quantum computing systems share the same characteristics of classic computing environments, meaning they require similar practices.  
For instance, checking if the software development kit (SDK) is coming from a trusted source, or checking if a transpiled [the quantum equivalent of compiled] circuit is exactly what should be sent to the quantum computer, Colesa says.  
As quantum computers continue to grow in capacity beyond 1,000 qubits, Bolos warns that providers need to focus on error correction (i.e., the process of determining the root causes of risk to an organization). 
Errors can come either injected by someone or naturally from the environment, he says. Error correction is one of the key aspects of protecting against malicious users. 

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target