Malicious Code Inside Strand Of DNA Used to Infect Computer

Many open source DNA processing programs were written in languages known to have security problems such as C and C++, and the researchers say that security sequencing is not up to scratch when it comes to defending against cyber attackers.

"For example, most had little input sanitization and used insecure functions".

Researchers hypothesized that it may be possible to produce malware-laden DNA strands that, if sequenced and analyzed, could compromise a computer. Recently there have been two key areas of research for scientists: sequencing the DNA to understand the role it plays in human development and synthesizing DNA to try to create life or edit out diseases.

The hack was done as an invitation to battle to the hereditary information handling group to guarantee best practices and to provoke a discourse about the directions around DNA sequencing. In July, scientists successfully encoded a GIF of Eadweard Muybridge's pioneering galloping horse clip into the DNA of living cells. Still, the result effect of the DNA-based exploit was crystal clear: the vulnerable software provided them with the capability of remotely controlling the computer on which it was installed.

Why would anybody want to do this? The study notes that there is no known evidence of outside attacks on DNA analysis software at this time, but as these technologies become more ubiquitous our current computational ecosystems need to be secured.

'It remains to be seen how useful this would be, but we wondered whether under semi-realistic circumstances it would be possible to use biological molecules to infect a computer through normal DNA processing, ' said co-author Peter Ney.

And if you're already thinking about the plot of a science-fiction spy thriller based on these findings, the researchers also emphasized that these synthetic strains can't be used to put a computer virus in people.

The team also noted that they intentionally programmed a vulnerability into the computer that was tasked with reading the DNA, which is what allowed the malware to take control in the first place.

The team will present the study at the upcoming USENIX Security Symposium in Vancouver.

"We know that if an adversary has control over the data a computer is processing, it can potentially take over that computer", Tadayoshi Kohno, University of Washington computer science professor, told Wired.

The synthetic strands were passed through a sequencing machine, which converted the gene letters into digits - 0s and 1s.

DNA is like the hard drive for you body.

Part of the motivation for the University of Washington scientists' malware DNA research is to prepare the cybersecurity field for the new malware methods of the future.

"We have no evidence to believe that the security of DNA sequencing or DNA data in general is now under attack", researchers wrote. Rather than storing data created to infect animals, they have experimented with storing real computer malware.

"The DNA sequencing community, and especially the programmers of bioinformatics tools, should consider computer security when developing software".

Vanessa Coleman

Comments