Researchers use DNA to infect a computer with malicious code

When a software program sequences that DNA, executable code encoded within it allows the exploit to gain control of the computer, potentially compromising the security of its data or even altering the test results.

The group designed a malware-infused synthetic DNA strand, which, when sequenced by the compromised computer, gave remote control of the program. But one group of bio-hackers has demonstrated how DNA can carry a less expected threat-one created to infect not humans or animals but computers. In this case, that command forced the computer to contact a server controlled by the research team, which they used to take control of the system.

DNA sequencing costs have dropped significantly since 2008, thanks to advances in next-generation sequencing (NGS) technologies.

Erlich says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. The researchers showed how such a leakage channel could be used adversarially to inject data or reveal sensitive information.

"To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program that is similar to what we found in our earlier security analysis", they continued. This attack vector isn't aimed at your everyday PC sitting on your desk at home or in the office; this hack aims directly at the infrastructure around the DNA transcription and analysis industry.

This attack is not practical for common hackers yet-Wired reports that the experiments were only successful 37 percent of time. "That means when you're looking at the security of computational biology systems, you're not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they're sequencing".

The hack was only possible because of weakness in the DNA sequencing software, and only in this specific instance. Next, they evaluated the security of DNA processing applications. In order to store the basic units that make up DNA, the data is processed using multiple open-source computer programs.

But as sequencing becomes cheaper, simper and more popular, these attacks could pose a growing problem in the future, if unaddressed. These include universities, gene research institutes, and cloud companies, such as Microsoft, Google or Amazon, which provide compute power for genomic processing.

We shouldn't ignore its implications for the future, though.

But hacking aside, the use of DNA for handling computer information is slowly becoming a reality, says Seth Shipman, one member of a Harvard team that recently encoded a video in a DNA sample.

Remember a few month ago when we were all laughing at Harvard scientists for putting a GIF inside a strand of DNA? However, while the idea of human DNA being a route for hackers to spread malware is terrifying, the researchers said there is no evidence to suggests that the security around DNA sequencing is under attack, and that the goal of the research was to create awareness.

Vanessa Coleman

Comments