Boffins find quantum cryptography loophole

Magnifying glass inspecting computer code

Vulnerabilities can be exploited in quantum cryptography, a method believed to have been close to flawless in terms of security, researchers have claimed.

Quantum cryptography uses the Heisenberg uncertainty principle that rules observation causes perturbation, meaning anyone who is trying to spy on a quantum key distribution system should be caught with ease.

However, the technology also requires no vulnerabilities to be present during implementation, just like with standard security products, and this is where systems could be exploited.

The loophole found by researchers, who sent their preliminary findings in a letter to Nature Photonics, involved using specially tailored bright illumination to effectively blind detectors in quantum key distribution systems.

This flaw could allow attackers to gain control over the detectors and get a perfect copy of the encryption key, without leaving any sign of a hack.

The team consisted of academics from the Norwegian University of Science and Technology (NTNU), the University of Erlangen-Nrnberg and the Max Planck Institute for the Science of Light.

They said the eavesdropping method was effective against both MagiQ Technology's QPN 5505 and ID Quantique Clavis2 quantum cryptography systems, both of which are commercially available.

ID Quantique has been working with NTNU on securing products and they will continue to collaborate on testing security aspects of the company's quantum cryptography solutions.

"Testing is a necessary step to validate a new security technology and the fact that this process is applied today to quantum cryptography is a sign of maturity for this technology," said Gregoire Ribordy, chief executive (CEO) of ID Quantique.

The researchers are working with other manufacturers to create countermeasures for identifying security holes.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.