QSpy: A Quantum RAT for Circuit Spying and IP Theft

TL;DR

The paper introduces QSpy, a proof-of-concept quantum remote access Trojan that intercepts and analyzes quantum circuits during submission, exposing security vulnerabilities in cloud-based quantum computing platforms.

Contribution

It presents the first proof-of-concept MITM attack on quantum circuit submissions, highlighting security risks and the need for submission-layer protections in quantum cloud services.

Findings

QSpy can silently intercept quantum circuits without detection.

The attack can categorize and analyze intercepted circuits remotely.

The model applies broadly to delegated quantum computing workflows.

Abstract

As quantum computing platforms increasingly adopt cloud-based execution, users submit quantum circuits to remote compilers and backends, trusting that what they submit is exactly what will be run. This shift introduces new trust assumptions in the submission pipeline, which remain largely unexamined. In this paper, we present QSpy, the first proof-of-concept Quantum Remote Access Trojan capable of intercepting quantum circuits in transit. Once deployed on a user's machine, QSpy silently installs a rogue certificate authority and proxies outgoing API traffic, enabling a man-in-the-middle (MITM) attack on submitted quantum circuits. We show that the intercepted quantum circuits may be forwarded to a remote server, which is capable of categorizing, storing, and analyzing them, without disrupting execution or triggering authentication failures. Our prototype targets IBM Qiskit APIs on a Windows system, but the attack model generalizes to other delegated quantum computing workflows. This work highlights the urgent need for submission-layer protections and demonstrates how even classical attack primitives can pose critical threats to quantum workloads.