Qubit Rowhammer Attack Achieves 50% Flip Rates, Exposing Cloud Security Vulnerabilities

The increasing complexity of quantum computers introduces new security challenges, and researchers now demonstrate a vulnerability stemming from inherent cross-talk between superconducting qubits. Devon Campbell from Columbia University and colleagues reveal a “Rowhammer” attack, exploiting this cross-talk to induce errors in quantum processors without needing advanced control over the system. Their experiments on a 127-qubit processor show that carefully targeted sequences of basic quantum operations, specifically X and CNOT gates, reliably create errors that manifest as phase noise, and these errors remain localized to nearby qubits. This research is significant because it establishes a pathway for covert communication and highlights the urgent need for improved hardware isolation and scheduling strategies as quantum computing moves towards multi-tenant cloud services.

Targeted manipulation of qubits induces localised errors confined to the attack cycle, primarily manifesting as phase noise, as confirmed by near 50% flip rates under probing. A comprehensive lattice sweep maps the quantum register’s spatial and temporal behaviour, revealing reproducible corruption limited to qubits within two coupling hops and rapid recovery in subsequent benign cycles. Consequently, these properties enable the outlining of a prime-and-probe covert channel, demonstrating that the clear separability between manipulated and idle cycles facilitates highly reliable signalling without error correction.

Quantum Rowhammer Exploits Superconducting Qubits

Scientists have demonstrated a significant security vulnerability in current superconducting qubit technology, revealing that a Quantum Rowhammer (QR) attack can induce faults on a 127-qubit processor without requiring low-level control access. The team successfully triggered errors using only standard Clifford gates, specifically X and CNOT operations, highlighting a critical risk for emerging cloud services and multi-tenant quantum computing. Experiments reveal that targeted manipulation induces localised errors confined to the attack cycle, primarily manifesting as phase noise, as confirmed by near 50% flip rates when probing with measurements. This research establishes that a minimal Clifford gate set is sufficient to conduct the QR attack, bypassing the need for deprecated pulse-level controls and demonstrating a persistent vulnerability inherent in the fundamental gate set used for quantum computation.

A comprehensive lattice sweep mapped the spatial and temporal behaviour of the attack, showing reproducible corruption limited to qubits within two coupling hops and rapid recovery in subsequent benign cycles, indicating a highly localised effect. The team characterised the induced errors, finding that the 50% flip rates strongly suggest phase randomization, a signature consistent with dephasing-dominated noise, and confirming the nature of the disturbance. Furthermore, scientists leveraged these properties to outline a prime-and-probe covert channel, demonstrating that the clear separation between manipulated and idle cycles enables highly reliable signalling without error correction, achieving up to approximately 460 bits per second under realistic timings. This discovery underscores the need for hardware-level isolation and scheduler-aware defences as multi-tenant quantum computing becomes standard, emphasising the importance of protecting sensitive workloads from co-resident attacks exploiting physical cross-talk. The findings represent a crucial step toward securing future quantum cloud platforms and ensuring the integrity of quantum computations.

Quantum Rowhammer Exploits Superconducting Qubits

This research demonstrates that even simple quantum circuits, utilising only standard gate operations, can induce errors in modern superconducting qubit hardware through a Quantum Rowhammer attack. Experiments reveal that targeted manipulation of qubits causes localised errors, primarily manifesting as phase noise and resulting in significant bit-flip rates, but remains confined to qubits within a limited range of the attack. The induced errors are repeatable and appear only during specific manipulation cycles, enabling the creation of a low-bandwidth covert channel capable of transmitting information across tenant boundaries. The findings highlight a critical vulnerability in multi-tenant quantum computing environments, where shared hardware introduces the risk of physical-layer interference. The authors acknowledge that this study was conducted in a controlled setting and did not implement a complete sender/receiver protocol, suggesting future work should focus on demonstrating a practical “Prime-and-Probe” attack on existing cloud back-ends to quantify real-world performance. While IBM’s recent implementation of tunable bus couplers in newer hardware offers a promising step towards mitigating cross-talk, the research underscores the need for comprehensive security engineering at all levels of the quantum computing stack, encompassing hardware, middleware, and scheduling policies, to defend against these emerging side-channel vulnerabilities.