The study was presented during the cyberfestival Positive Hack Days 2 taking place on May 23–26 at the Luzhniki sports complex in Moscow.
Gartner forecasts that by 2025, about 40% of large enterprises will support quantum technologies and run pilot projects based on them. According to a 2023 report by McKinsey & Company, investment in quantum technology has reached a new high of $2.35 billion. Meanwhile, the quantum world is attracting not only enterprises, but potentially also cybercriminals looking for new ways to organize cyberattacks. Positive Technologies in partnership with QBoard, QApp, and the Russian Quantum Center presented a study on the security of quantum technologies in IT, identifying the main cyberthreats to the quantum world. Information theft, software vulnerabilities, and attacks via the quantum internet top the list.
According to the study, there are five main threats to quantum technologies. The first four are threats to quantum computers, the last one affects quantum communications.
1. Physical threats related to the instability and sensitivity of qubits (quantum bits). Experts believe that attackers can carry out denial-of-service (DoS) attacks: for example, by heating up quantum computers and causing interference to corrupt data. At present, such attacks are possible because the equipment is highly sensitive to the external environment, which may allow attackers to cause equipment malfunction.
2. Theft of confidential information. Experts predict that the stolen results of quantum computing will be highly valued by attackers, as the quantum systems and the calculations based on them are very expensive.
"The emergence of a truly powerful quantum computer, capable of solving mathematical problems that are unsolvable today, will take the race between the tech giants to a new level. Computation results will become more valuable to competitors and hackers alike. And safeguarding the results of quantum computing will be a major function of cybersecurity," comments Ekaterina Snegireva, Senior Analyst at Positive Technologies. "The usual race between cyberattackers and defenders will also move to a new level with the advent of quantum computers."
3. Vulnerabilities in software designed for quantum computing will also pose a serious threat. They have already been found in some underlying solutions. For example, two high-severity vulnerabilities have been discovered in the NVIDIA cuQuantum Appliance: CVE-2023-36632 and CVE-2018-20225. Another high-severity vulnerability was found in the Quantum Development Kit library for Visual Studio Code: CVE-2021-27082. In the future, the exploitation of quantum software vulnerabilities could lead to leakage of sensitive information, hijacking of hardware resources, and disabling of equipment.
4. Threat to cloud computing. The development of cloud-based quantum solutions is likely to encourage attackers to actively search for vulnerabilities in solutions of various vendors and attack IT companies that provide quantum-based services. Typical cyberthreats here include improper configuration of cloud services, vulnerabilities in cloud services, insecure data storage, insecure data processing by service providers, and denial-of-service attacks. These issues also pose a threat to Quantum Computing-as-a-Service (QCaaS) infrastructures.
5. Attacks against the quantum internet. Attacks against the quantum internet pursue goals similar to those of attacks on conventional networks: stealing information, disrupting the integrity or availability of quantum nodes or quantum networks, and hijacking quantum connections or computational resources.
According to the experts, the threats to post-quantum cryptography are no less significant. As noted in the study, the "store now, decrypt later" tactic will allow attackers to decrypt the stolen data in the future, using a more powerful quantum computer. As a result, a lot of sensitive data is already at risk. To protect themselves, some companies are starting to implement the so-called post-quantum cryptography methods.
"Quantum technologies will enter a phase of complex development efforts in 2025–2030 and beyond. New high-tech products and services will be created by combining quantum technology with adjacent and complementary technologies such as biomedical engineering, new materials, artificial intelligence, and more. These products and services are expected to be implemented in the high-priority sectors of the economy," says Yaroslav Borisov, Head of New Projects at Kvant Joint Venture, LLC. "As a result, a new high-tech industry will emerge, offering market-driven solutions, products, and services for various needs, including cybersecurity."
"Due to the rapid development of quantum technologies and the emergence of the quantum industry, we must start thinking about their possible implications as soon as possible," mentions Aleksey Fedorov, Head of the Science Team at the Russian Quantum Center. "Along with obvious advantages, quantum computers create a threat to information infrastructures which are based on conventional cryptographic algorithms. Now is the time to embrace quantum-resistant solutions. In addition, quantum computing services themselves may be targeted, given their importance for various tasks. To fully integrate quantum computing into business processes, we need to anticipate possible attack scenarios and eliminate weaknesses that would enable such attacks."
"Middleware and end-user software based on post-quantum algorithms can improve the cybersecurity of a wide range of solutions, including those leveraging quantum technologies. Technology synergies with quantum communications solutions have been identified and are being tested, and work is underway in other areas," comments Anton Guglya, CEO of QApp.
However, due to the high variability of emerging quantum tech—based products, there are currently no comprehensive cybersecurity tools for quantum technology in the market. Some vendors, including Positive Technologies, see the launch of new bug bounty programs to find vulnerabilities in quantum systems as a promising option. Another important step for the future of cybersecurity is quantum key distribution. Many research centers are now working on this concept, with the expectation of creating more secure communication channels.
