Malware in the Genetic Code

When the strand was sequenced and processed by the vulnerable program it gave remote control of the computer that was analyzing it, which means hackers could also remotely exploit and gain full control of a computer by using a synthetic DNA strand. In another scenario, as different DNA samples are often sequenced together, errors in a sequencing process could cause the malicious data in a DNA to end up in other people's data. However, while the idea of human DNA being a route for hackers to spread malware is terrifying, the researchers said there is no evidence to suggests that the security around DNA sequencing is under attack, and that the goal of the research was to create awareness.

A person's DNA includes private information, like health, family history and appearance, but that data could be hacked, according to a new study by the Paul G. Allen School of Computer Science and Engineering at the University of Washington.

"It is time to improve the state of DNA security", say the researchers.

Given the nature of the data typically handled, this could be a major issue in future - as the molecular and electronic worlds grow ever-closer, potential interactions between the two loom on the horizon, which no one has hitherto contemplated. The researchers who developed it argue an attacker could use it to hack any computer in the DNA sequencing pipeline.

In an interview with Wired, the researchers described their process for infecting the computers doing the actual gene sequencing.

"The results from our study show it is theoretically possible to produce synthetic DNA that is capable of compromising a computer system", Allen continued. "Our exploit shows that specifically designed DNA can be used to affect computer programs, not living organisms themselves", they wrote.

The researchers also managed to hide malicious code in synthetic DNA, which turned into executable malware when the DNA was analysed by a computer.

A doctored biological sample could even be used as a vector for malicious DNA to be processed downstream after sequencing, and executed. "We also stress that its environment is in many ways the "best possible" environment for an adversary", the researchers say in their report. The team behind the hack was concerned about the security with that infrastructure after finding basic vulnerabilities in some of the open-source software used in labs that analyze DNA all around the world.

"The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is done in a fixed-size buffer that assumes a reasonable maximum read length", explained co-author Karl Koscher when asked for more technical information by TechCrunch. The cost of sequencing has sharply fallen by over 100,000 times in the last 10 years. That research aims to turn DNA into a viable storage medium for digital information, using its unique properties to store vast amounts of information in tiny amounts of liquid. That may sound like cheating, but cybersecurity professionals know that there's the possibility of security vulnerabilities in all types of software.

Vanessa Coleman

Comments