A team of researchers have successfully infected a computer system using a strand of human DNA encoded with a malicious program. They did that by synthesizing DNA strands which contain computer security exploits. Finally storing DNA sequence data in cloud services also poses risks.
"After DNA is sequenced, it is usually processed and analysed by a number of computer programs through what is called the DNA data processing pipeline", wrote the researchers. The researchers have shown that hackers can use DNA to write malicious code and affect the machine reading it.
"We were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA", a news release said. Modern sequencing techniques can go through hundreds of millions of DNA strands at the same time, and the sequencing machines themselves need to hookup to computers.
'It remains to be seen how useful this would be, but we wondered whether under semi-realistic circumstances it would be possible to use biological molecules to infect a computer through normal DNA processing, ' said co-author Peter Ney. For example, if an attacker knew DNA samples will be sequenced on a computer they contaminate blood and saliva samples with a specially crafted synthetic gene. The results of the study will be presented on 17 August at the 26th USENIX Security Symposium.
The ability to hack into a computer through malware stored in DNA sounds like something out of a science fiction movie.
Research has already shown that it is possible to transfer data using DNA.
In a nutshell, malware is decompiled into binary data, then those 1s and 0s are assigned to the C, G, A, and T nucleobases in physical DNA.
This is because security protocols surrounding DNA transcription and analysis "can be inadequate, and vulnerabilities have been discovered in the open-source software used in labs around the world".
"We again stress that there is no cause for people to be alarmed today", the team added, "But we also encourage the DNA sequencing community to proactively address computer security risks before any adversaries manifest".
While vulnerabilities of this kind are typically targeted by malware and remote hacking, the team investigated the possibility that future attack vectors may emerged from the very materials being handled, in this case DNA being transcribed and digitised for further analysis.
But why would anyone want to hack a computer with a malicious DNA strand? "Third, you might envision a scenario where someone (such as a manufacturer of GMO seeds) wants to prevent others from easily sequencing the DNA in products they sell".
"The DNA sequencing community, and especially the programmers of bioinformatics tools, should consider computer security when developing software". Through this the molecular code was converted into computer code, and this malicious software proved capable of taking over the computer connected to the DNA sequencer.