Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

QSpy: A Quantum RAT for Circuit Spying and IP Theft

Amal Raj, Vivek Balachandran

TL;DR

QSpy is presented, the first proof-of-concept Quantum Remote Access Trojan capable of intercepting quantum circuits in transit and being forwarded to a remote server, which is capable of categorizing, storing, and analyzing them, without disrupting execution or triggering authentication failures.

Abstract

As quantum computing platforms increasingly adopt cloud-based execution, users submit quantum circuits to remote compilers and backends, trusting that what they submit is exactly what will be run. This shift introduces new trust assumptions in the submission pipeline, which remain largely unexamined. In this paper, we present QSpy, the first proof-of-concept Quantum Remote Access Trojan capable of intercepting quantum circuits in transit. Once deployed on a user's machine, QSpy silently installs a rogue certificate authority and proxies outgoing API traffic, enabling a man-in-the-middle (MITM) attack on submitted quantum circuits. We show that the intercepted quantum circuits may be forwarded to a remote server, which is capable of categorizing, storing, and analyzing them, without disrupting execution or triggering authentication failures. Our prototype targets IBM Qiskit APIs on a Windows system, but the attack model generalizes to other delegated quantum computing workflows. This work highlights the urgent need for submission-layer protections and demonstrates how even classical attack primitives can pose critical threats to quantum workloads.

QSpy: A Quantum RAT for Circuit Spying and IP Theft

TL;DR

QSpy is presented, the first proof-of-concept Quantum Remote Access Trojan capable of intercepting quantum circuits in transit and being forwarded to a remote server, which is capable of categorizing, storing, and analyzing them, without disrupting execution or triggering authentication failures.

Abstract

As quantum computing platforms increasingly adopt cloud-based execution, users submit quantum circuits to remote compilers and backends, trusting that what they submit is exactly what will be run. This shift introduces new trust assumptions in the submission pipeline, which remain largely unexamined. In this paper, we present QSpy, the first proof-of-concept Quantum Remote Access Trojan capable of intercepting quantum circuits in transit. Once deployed on a user's machine, QSpy silently installs a rogue certificate authority and proxies outgoing API traffic, enabling a man-in-the-middle (MITM) attack on submitted quantum circuits. We show that the intercepted quantum circuits may be forwarded to a remote server, which is capable of categorizing, storing, and analyzing them, without disrupting execution or triggering authentication failures. Our prototype targets IBM Qiskit APIs on a Windows system, but the attack model generalizes to other delegated quantum computing workflows. This work highlights the urgent need for submission-layer protections and demonstrates how even classical attack primitives can pose critical threats to quantum workloads.
Paper Structure (18 sections, 1 equation, 4 figures)

This paper contains 18 sections, 1 equation, 4 figures.

Table of Contents

  1. Introduction
  2. Background and Threat Model
  3. Threat Model
  4. Literature Review
  5. Methodology
  6. Native delegated-execution workflow (no interception)
  7. Adversary model and objective
  8. Establishing visibility into encrypted traffic
  9. Passive interception, filtering, and record reconstruction
  10. Implementation Setup
  11. Client-Side Execution Flow
  12. HTTPS Interception and Endpoint Filtering
  13. Submission Capture and Temporary Buffering
  14. Job Identifier Binding
  15. Result Correlation
  16. ...and 3 more sections

Figures (4)

  • Figure 1: High-level overview of the QSpy attack model. QSpy is deployed on the client machine, intercepts quantum job submissions and corresponding results, forwards them unchanged to the quantum cloud backend, and exports correlated circuit data and results to a remote adversary server.
  • Figure 2: Native delegated-execution workflow: submission returns a job identifier while execution proceeds asynchronously; the client later requests results using the identifier once execution completes.
  • Figure 3: End-to-end workflow of QSpy. QSpy acts as a passive Quantum RAT that intercepts client SDK traffic, correlates job submissions and results using job_id, and forwards consolidated records to an adversary server for storage and analysis, while preserving the user-visible execution flow.
  • Figure 4: Dashboard showing the quantum circuit, and results along with the user data