
Hackers could steal sensitive data from a quantum computer even if the information were carefully wiped, researchers have warned.
While quantum computers aren’t yet large or reliable enough to solve significant real-world problems, companies such as Amazon and Microsoft offer timeshare access to nascent machines. Users are given access to just part of a computer while others also use it, or can use a whole machine for a specific period of time, in much the same way that mainframe computers were used in the 1960s and 1970s.
Allocating access like this makes efficient use of machines that are expensive to build and maintain. But Allen Mi and his colleagues at Yale University say it comes at a cost to security.
Advertisement
The researchers looked , which offers the largest selection of computers. In an experiment, the team was able to access a quantum computer after someone else had been using it and the qubits reset, reverse-engineer the final state of qubits on the last run and access their data.
This reverse engineering was 95 per cent accurate if the qubits had been reset just once. If they had been reset multiple times, the researchers could still access data with diminishing accuracy as the number of resets rose, if they knew how many resets had been done. That accuracy never reached as low as 50 per cent – which would be equivalent to a random guess – no matter how many resets were performed.
Mi says it is therefore vital that quantum computer operators perform a random number of resets to prevent reverse engineering.
He warns that the sort of data leakage he and his colleagues observed opens the door to hacking and industrial or national espionage. For example, pharmaceutical companies might use a quantum computer to calculate how a protein will fold and a competitor might be able to steal this information. “I’m not trying to sound alarmist about this, but it goes to show that tasks that may seem benign might have the potential of carrying highly sensitive data,” he says.
, a cybersecurity consultant and researcher, says quantum machines are currently too small and unreliable to be used for real computation of valuable data, making any attack pointless. But he says it is wise that people are thinking about the issue while the technology matures.
“There’s no money in such abuses, no political gain, so no conceivable motivation. Such attack demonstrations are a curiosity, but also a problem we should be aware of,” he says. “Let’s be wiser this time around about security than we were with classical computers in the early days.”
“The findings of this paper are based on the results of individual users within individual sessions. The authors identify no data that was shared between users or between sessions. The “reset” instruction referenced in the paper is designed to allow a single user to re-use qubits. When one user has finished, IBM runs a more robust initialization procedure between user programs that prevents any subsequent users from obtaining information. IBM Quantum has the largest, most secure cloud offering in the sector,” says Blake Johnson at IBM Quantum.
2022 ACM SIGSAC Conference on Computer and Communications Security
Article amended on 21 November 2022
We removed the details of a second quantum hack