Forget Phishing Emails, DNA Could Carry Computer Viruses

Share

The researchers proved that the malware encoded inside DNA could take over a computer sequencing the genetic material.

The result, finally, was a piece of attack software that could survive the translation from physical DNA to the digital format, known as FASTQ, that's used to store the DNA sequence.

As a result, in future, when considering the security of computational biology systems, on top of traditional concerns such as network connectivity and internal drives drive, information stored in the DNA computers are sequencing needs to be key security priority. Researchers are calling this the first "DNA-based exploit of a computer system". "Many were written in programming languages known to routinely contain security problems, and we found early indicators of security problems and vulnerable code".

Computer scientists are turning DNA into a new frontier for data storage and information processing, but a team from the University of Washington says it could become a frontier for cybercrime as well. However, they should be prepared before these attack vectors are adopted by the criminal community. After sequencing, this DNA data is processed and analyzed by computer programs.

In what appears to be the first successful hack of a software program using DNA, researchers say malware they incorporated into a genetic molecule allowed them to take control of a computer used to analyze it.

Copies of the DNA were ordered online. While this phenomena is known to the sequencing community, we provide the first discussion of how this leakage channel could be used adversarially to inject data or reveal sensitive information.

In a unusual first, the researchers at the University of Washington have found a way to infect DNA strands with malicious code while DNA sequencing. The study, entitled "Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More", is already available at the team's website. The data can be retrieved by running the strands through DNA sequencing machines. The natural stability of DNA depends on a regular proportion of A-T and G-C pairs, and while a buffer overflow often involves using the same strings of data repeatedly, doing so in this case caused the DNA strand to fold in on itself, necessitating the repeated rewriting of their exploit code to find a form that could survive as DNA, which the synthesis service would ultimately send them in the mail.

More news: Photoshop fail? Rihanna accused of altering colourful Crop Over fest photo
More news: Two more owners join the Overwatch League
More news: Kohl's looking better in Q2

They said closing the security gaps in the software that's used for analyzing DNA is mostly a matter of following best practices in the computer industry.

When asked by Devin Coldewey of TechCrunch if such a malicious payload could be "delivered via, for example, a doctored blood sample or even directly from a person's body?" They also clarified that if hackers attack DNA sequencing technologies it won't actually affect your genome, or of other living organisms.

The team, however, warns that hackers could use the more typical hacking methods to target genetic data, mainly because these facilities aren't secured properly - reminds you of some recent hospital "takeovers"?

DNA is built up of foundational units called nucleotides.

The fixes are relatively straightforward, but programmers will have to be as careful about DNA code as they are about the more usual kind of computer code.

"This is something [the genomics industry] and the US government should be concerned about", said Tadayoshi Kohno, a computer-science professor at the university and a member of the research team.

Share