Residual cross-talk in superconducting qubit devices creates a security vulnerability for emerging quantum cloud services. We demonstrate a Clifford-only Quantum Rowhammer attack-using just X and CNOT gates-that injects faults on IBM's 127-qubit Eagle processors without requiring pulse-level access. Experiments show that targeted hammering induces localized errors confined to the attack cycle and primarily manifests as phase noise, as confirmed by near 50% flip rates under Hadamard-basis probing. A full lattice sweep maps QR's spatial and temporal behavior, revealing reproducible corruption limited to qubits within two coupling hops and rapid recovery in subsequent benign cycles. Finally, we leverage these properties to outline a prime-and-probe covert channel, demonstrating that the clear separability between hammered and benign rounds enables highly reliable signaling without error correction. These findings underscore the need for hardware-level isolation and scheduler-aware defenses as multi-tenant quantum computing becomes standard.

翻译：超导量子比特器件中的残余串扰为新兴量子云服务带来了安全漏洞。我们展示了一种仅使用X门和CNOT门的Clifford量子Rowhammer攻击，该攻击可在无需脉冲级访问权限的情况下，在IBM的127量子比特Eagle处理器上注入故障。实验表明，定向"锤击"会引发局限于攻击周期的局部化错误，且主要表现为相位噪声——这一结论通过Hadamard基探测下接近50%的翻转率得以证实。全晶格扫描绘制了量子Rowhammer的时空行为图谱，揭示了该攻击具有以下特征：其可复现的破坏效应仅限于两个耦合跃迁范围内的量子比特，且在后续良性周期中能快速恢复。最后，我们利用这些特性构建了"预置-探测"隐蔽信道，证明"锤击"轮次与良性轮次间的清晰可分离性能够在不依赖纠错的情况下实现高可靠信号传输。这些发现表明，随着多租户量子计算成为标准范式，硬件级隔离与调度感知防御机制已成为迫切需求。