Hackers crack commercial quantum encryption systems

  • It's just asking for trouble to describe an encryption system as 'unhackable - and now a Norwegian team claims to have cracked what's been hailed as the ultimate in secure communications, quantum cryptography.

    Quantum cryptography makes use of the Heisenberg uncertainty principle – observation causes perturbation – to reveal eavesdropping on an optical fiber. Any interference with the signal changes it, revealing the tampering.

    But although this might seem fool-proof, the security of quantum cryptography is still dependent on the lack of loopholes.

    "The security of quantum cryptography relies on quantum physics but not only - it must also be properly implemented. This fact was often overlooked in the past," says professor Gerd Leuchs of the University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light.

    And now the team in Erlangen, together with the Norwegian University of Science and Technology (NTNU), has found a technique to remotely
    control a key component of most of today’s quantum cryptography systems, the photon detector.

    "Unlike previously published attempts, this attack is implementable with current off-the-shelf components," says Dr Vadim Makarov, a researcher in the Quantum Hacking group at NTNU.

    "Our eavesdropping method worked both against MagiQ Technology's QPN 5505 and ID Quantique Clavis2 systems."

    The hackers simply used a laser to blind the receiver's photon detector while they intercepted the signal and generated a new one to send on to the receiver.

    Blasting the photon detector stops it acting as a specific photon detector, but still causes it to read a '1'. The hackers simply flashed a bright pulse of light at the detector every time a '1' was read in the original signal, meaning that the receiver still got the correct message.

    However, this message was a 'forgery' - a standard signal rather than a quantum one - meaning there was no indication that it had been intercepted.

    The hackers say they're revealed their technique to both system manufacturers, who have developed and tested a countermeasure. There's details of the hack, here.