It’s just asking for trouble to describe an encryption system as ‘unhackable – and now a Norwegian team claims to have cracked what’s been hailed as the ultimate in secure communications, quantum cryptography.
Quantum cryptography makes use of the Heisenberg uncertainty principle – observation causes perturbation – to reveal eavesdropping on an optical fiber. Any interference with the signal changes it, revealing the tampering.
But although this might seem fool-proof, the security of quantum cryptography is still dependent on the lack of loopholes.
“The security of quantum cryptography relies on quantum physics but not only – it must also be properly implemented. This fact was often overlooked in the past,” says professor Gerd Leuchs of the University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light.
And now the team in Erlangen, together with the Norwegian University of Science and Technology (NTNU), has found a technique to remotely
control a key component of most of today’s quantum cryptography systems, the photon detector.
“Unlike previously published attempts, this attack is implementable with current off-the-shelf components,” says Dr Vadim Makarov, a researcher in the Quantum Hacking group at NTNU.
“Our eavesdropping method worked both against MagiQ Technology’s QPN 5505 and ID Quantique Clavis2 systems.”
The hackers simply used a laser to blind the receiver’s photon detector while they intercepted the signal and generated a new one to send on to the receiver.
Blasting the photon detector stops it acting as a specific photon detector, but still causes it to read a ‘1’. The hackers simply flashed a bright pulse of light at the detector every time a ‘1’ was read in the original signal, meaning that the receiver still got the correct message.
However, this message was a ‘forgery’ – a standard signal rather than a quantum one – meaning there was no indication that it had been intercepted.
The hackers say they’re revealed their technique to both system manufacturers, who have developed and tested a countermeasure. There’s details of the hack, here.