Software vulnerabilities, attacks on the quantum Internet - what can we expect from criminals?
The analytical agency Gartner predicts that by 2025, about 40% of large companies will start implementing quantum technologies and conduct pilot projects based on them. According to McKinsey & Company's 2023 report, investment in quantum technologies has reached a new high of $ 2.35 billion. Interest in quantum technologies is shown not only by corporations, but also by cybercriminals looking for new ways to organize cyber attacks.
Positive Technologies specialists together with KuBord, qApp and the Russian Quantum Center presented the study "Security of quantum technologies in the field of IT". It identifies the main cyber threats that threaten quantum technologies: information theft, software vulnerabilities, and attacks on the quantum Internet.
The main threats of quantum technologies
Among the key threats, 5 aspects are identified.
Experts also highlight the threats associated with post-quantum cryptography. The "store now, decrypt later" tactic will allow attackers to decrypt data using a powerful quantum computer in the future. For protection, some companies are starting to implement a method of post-quantum encryption.
Quantum technologies are actively developing in Russia. The main driver is the road maps of the "Quantum Computing" and "Quantum Communications" directions, which are supervised by Rosatom and Russian Railways. Quantum technologies have become one of the cross-cutting topics in the national project "Data Economy". Research centers, state corporations, businesses, and universities initiate projects related to the study of quantum technologies in Russia.
There is no comprehensive protection of quantum technologies from cyber threats yet, which is due to the variability of their development. Vendors see the opening of new bug bounty programs to identify vulnerabilities in quantum systems as one of the promising areas of protection.
An important step for future cybersecurity is the concept of quantum key distribution, which is being worked on, and which promises to create more secure communication channels.
The analytical agency Gartner predicts that by 2025, about 40% of large companies will start implementing quantum technologies and conduct pilot projects based on them. According to McKinsey & Company's 2023 report, investment in quantum technologies has reached a new high of $ 2.35 billion. Interest in quantum technologies is shown not only by corporations, but also by cybercriminals looking for new ways to organize cyber attacks.
Positive Technologies specialists together with KuBord, qApp and the Russian Quantum Center presented the study "Security of quantum technologies in the field of IT". It identifies the main cyber threats that threaten quantum technologies: information theft, software vulnerabilities, and attacks on the quantum Internet.
The main threats of quantum technologies
Among the key threats, 5 aspects are identified.
- Threats at the physical level related to the instability and sensitivity of qubits. Attackers can conduct a denial-of-service (DoS) attack by heating up a quantum computer and interfering with data corruption. The equipment is highly sensitive to the external environment, which makes such attacks possible.
- Theft of confidential information. Experts predict that the results of quantum computing will be highly valued by attackers, since the systems and calculations themselves are very expensive. As soon as a truly powerful quantum computer appears, the race between tech giants will move to a new level.
- Vulnerabilities in quantum computing software. Vulnerabilities have already been identified in solutions used to implement quantum circuits. For example, two high – risk vulnerabilities were discovered in NVIDIA cuQuantum-CVE-2018-20225 and CVE-2023-36632, and in the Quantum Development Kit for Visual Studio Code library-CVE-2021-27082, which also has a high level of danger. In the future, exploiting the shortcomings of quantum software can lead to the leakage of confidential information and the failure of equipment.
- Threat to cloud computing. The development of quantum technology cloud resources will encourage cybercriminals to look for vulnerabilities in vendors solutions and conduct attacks on IT companies. Cyber threats include incorrect configuration of cloud services, vulnerabilities in them, and unsafe data storage and processing.
- Attacks on the quantum Internet. The goals of the attacks are similar to attacks on classical networks: stealing information, violating the integrity or availability of quantum nodes, and seizing a quantum connection or computing resources.
- Post-quantum Cryptography and Development in Russia
Experts also highlight the threats associated with post-quantum cryptography. The "store now, decrypt later" tactic will allow attackers to decrypt data using a powerful quantum computer in the future. For protection, some companies are starting to implement a method of post-quantum encryption.
Quantum technologies are actively developing in Russia. The main driver is the road maps of the "Quantum Computing" and "Quantum Communications" directions, which are supervised by Rosatom and Russian Railways. Quantum technologies have become one of the cross-cutting topics in the national project "Data Economy". Research centers, state corporations, businesses, and universities initiate projects related to the study of quantum technologies in Russia.
There is no comprehensive protection of quantum technologies from cyber threats yet, which is due to the variability of their development. Vendors see the opening of new bug bounty programs to identify vulnerabilities in quantum systems as one of the promising areas of protection.
An important step for future cybersecurity is the concept of quantum key distribution, which is being worked on, and which promises to create more secure communication channels.
