{"id":4576,"date":"2024-07-22T11:45:50","date_gmt":"2024-07-22T16:45:50","guid":{"rendered":"https:\/\/www.darkreading.com\/cyber-risk\/quantum-leap-advanced-computing-vulnerable-cyber-target"},"modified":"2024-07-22T11:45:50","modified_gmt":"2024-07-22T16:45:50","slug":"quantum-leap-advanced-computing-is-a-vulnerable-cyber-target","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/22\/quantum-leap-advanced-computing-is-a-vulnerable-cyber-target\/","title":{"rendered":"Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

The longstanding and prevailing concern about quantum computing among cybersecurity experts is that these systems will ultimately achieve enough processing power to break classic RSA encryption. While that prospect famously came to light three decades ago with <\/span>Shor’s algorithm<\/a><\/span>, it still overshadows the overlooked risk that today’s quantum computers are not just potential platforms for attack but are also vulnerable as targets.  <\/span><\/p>\n

A pair of researchers believe that the focus on the need for strong <\/span>post-quantum cryptography (PQC)<\/a><\/span>, while a critical issue, shouldn\u2019t eclipse the risk that quantum computing systems themselves face from cyberattacks. At next month’s <\/span>Black Hat USA 2024<\/a><\/span> conference in Las Vegas, Adrian Colesa, a senior security researcher at Bitdefender, and software engineer Sorin Bolos, co-founder of Transilvania Quantum, will discuss the risks and the real-world implications of quantum vulnerability. <\/span><\/p>\n

Assessing Risk to Post-Quantum Computing Platforms<\/h2>\n

Bolos and Colesa will present the findings of a white paper in their <\/span>session,<\/a><\/span> entitled \u201cFrom Weapon to Target: Quantum Computers Paradox,\u201d on Thursday, Aug. 8.  <\/span><\/p>\n

“Most of the time, when people think about quantum computers and security together, they think about Shor’s algorithm and the fact that if you have a good enough quantum computer, you can use Shor’s algorithm to factor numbers and break cryptography,” Bolos says. “But we turned that on its head and said: ‘How about quantum computers themselves? How secure are they? You would you attack them?'” <\/span><\/p>\n

As a startup company based in Romania that created the open source quantum computing platform Uranium for <\/span>prototyping quantum algorithms<\/a><\/span>, Bolos decided that he wanted Transilvania Quantum to research the security risks of <\/span>quantum computing infrastructure<\/a><\/span>. “Because we only had expertise in quantum and not in cybersecurity, we turned to Bitdefender,” he says.  <\/span><\/p>\n

Last October, the two researchers began utilizing their complementary cybersecurity and quantum computing expertise, respectively. Transilvania focused on attacking quantum computers, notably those provided by IBM and IonQ, and quantum software development kits such as Qiskit.  <\/span><\/p>\n

As a provider of endpoint protection, and cloud and managed cybersecurity tools, Bitdefender had some expertise in quantum concerning PQC, Transilvania’s focus.  <\/span><\/p>\n

“The Bitdefender team investigated classical attack vectors, for instance, attacking the system of an end user or that the quantum development software could be corrupted by an attacker, and then looked at how cloud services, which provide access to quantum computers, could be attacked,” Colesa explains. <\/span><\/p>\n

Finding Weaknesses in Qubits & More<\/h2>\n

Bolos says they investigated the imperfections of quantum bits, or qubits, the quantum computing equivalent of bits in classic computing environments. Their research examined the potential for unwanted interactions, susceptibility to prompt injections, and other attack surfaces prevalent in traditional computing environments. <\/span><\/p>\n

“We adapted the attacks for the quantum world and did our experiments,” Bolos says.  <\/span><\/p>\n

According to Bolos, organizations using quantum computing capability currently access it through quantum service providers, which he says are integrated platforms hosted in cloud services such as Microsoft Azure or Amazon Web Services, or by companies that host their own quantum clouds.  <\/span><\/p>\n

In recent years, organizations with deep pockets have begun conducting research on how quantum computing can help them process complex computational workloads beyond the capabilities of even the most powerful classic systems.  <\/span><\/p>\n

Among them are those in drug discovery and medical research, such as Amgen, <\/span>Cleveland Clinic<\/a><\/span>, Merck, and Johnson & Johnson. Also, most of the world’s largest financial services providers, including Bank of America, JP Morgan Chase, and Wells Fargo, have established research initiatives aimed at creating financial models not achievable with classic computing technologies. All of these could present rich targets for cybercriminals.  <\/span><\/p>\n

Yet the two researchers indicate that because organizations like these are looking to beat their competitors with new breakthroughs, such as drug discoveries or financial models, security often becomes an afterthought.  <\/span><\/p>\n

Colesa says they split the research into four ways an attacker could target a quantum computer: <\/span><\/p>\n

\n