A team of researchers has demonstrated how two commercial quantum key distribution (QKD) systems can be compromised by using tailored bright illumination to remotely control their detectors. This method allows an eavesdropper (Eve) to acquire the full secret key without leaving a trace of her presence. The study highlights a critical vulnerability in QKD systems that use avalanche photodiodes (APDs) to detect single photons. These detectors can be blinded by bright light, turning them into classical detectors that are fully controllable by Eve. This enables Eve to intercept and replicate the secret key with high accuracy. The research shows that the detectors in these systems can be manipulated by applying bright laser pulses, which cause the detectors to operate in a classical mode. This allows Eve to determine the bit values sent by the legitimate parties (Alice and Bob) without being detected. The study also demonstrates that this attack is applicable to various QKD protocols, including BB84, SARG04, and decoy-state BB84, as well as differential phase shift (DPS) and coherent one-way (COW) protocols. The researchers emphasize that this vulnerability is a result of the practical implementation of QKD systems, which deviate from the theoretical models used in security proofs. They argue that identifying and addressing such vulnerabilities is crucial for the security of practical QKD systems. The study also notes that the findings have implications for the future development of secure quantum communication technologies. The researchers have been notified of the vulnerability by the commercial vendors, and ID Quantique has implemented countermeasures. However, the study underscores the importance of thoroughly addressing security loopholes in QKD systems to ensure their practical security. The findings suggest that while quantum cryptography is not inherently insecure, it requires careful implementation and continuous improvement to ensure its reliability.A team of researchers has demonstrated how two commercial quantum key distribution (QKD) systems can be compromised by using tailored bright illumination to remotely control their detectors. This method allows an eavesdropper (Eve) to acquire the full secret key without leaving a trace of her presence. The study highlights a critical vulnerability in QKD systems that use avalanche photodiodes (APDs) to detect single photons. These detectors can be blinded by bright light, turning them into classical detectors that are fully controllable by Eve. This enables Eve to intercept and replicate the secret key with high accuracy. The research shows that the detectors in these systems can be manipulated by applying bright laser pulses, which cause the detectors to operate in a classical mode. This allows Eve to determine the bit values sent by the legitimate parties (Alice and Bob) without being detected. The study also demonstrates that this attack is applicable to various QKD protocols, including BB84, SARG04, and decoy-state BB84, as well as differential phase shift (DPS) and coherent one-way (COW) protocols. The researchers emphasize that this vulnerability is a result of the practical implementation of QKD systems, which deviate from the theoretical models used in security proofs. They argue that identifying and addressing such vulnerabilities is crucial for the security of practical QKD systems. The study also notes that the findings have implications for the future development of secure quantum communication technologies. The researchers have been notified of the vulnerability by the commercial vendors, and ID Quantique has implemented countermeasures. However, the study underscores the importance of thoroughly addressing security loopholes in QKD systems to ensure their practical security. The findings suggest that while quantum cryptography is not inherently insecure, it requires careful implementation and continuous improvement to ensure its reliability.