Researchers hack computer using malware encoded in synthetic DNA

Scientists Hack a Computer Using DNA

In the paper, the group goes as far as to state: "We have no motivation to trust that there have been any assaults against DNA sequencing or investigation programs".

The most basic function of DNA is to store information, with its strands made from four building blocks identified as A, C, G, and T. These letters can also store information that a computer can read and change into binary data, and that is what the team from the University of Washington researchers exploited to carry out their research.

Akin to something from the pages of science fiction, the researchers used the life-encoding molecule to attack and take over a computer, using strands of DNA to transmit a computer virus from the biological to the digital realm.

For now, the authors acknowledge, DNA-based attacks on computers are a long way from being feasible. Mitigating this prospect however, is getting malicious DNA strands from a doctored sample into a sequencer, which presents many technical challenges. To speed up the processing, the images of millions of bases are split up into thousands of chunks and analyzed in parallel. This attack vector isn't aimed at your everyday PC sitting on your desk at home or in the office; this hack aims directly at the infrastructure around the DNA transcription and analysis industry.

Then, once the process became automated from the 1980s onwards, DNA sequencing machines and analyzing programmes started to store DNA sequences as computer files.

"Second, because multiple DNA samples are often sequenced together, errors inherent in current sequencing processes will cause some of your malicious DNA data to end up in other people's data", Koscher continues. The team said they "found early indicators of security problems and vulnerable code", which means sequencing data is at risk.

Additionally, since bioinformatics software isn't commonly targeted by hackers, the software isn't generally hardened to attacks. Stakeholders should also get serious about regular patching of such systems, the researchers argued. Rather than exploit an existing vulnerability in the fqzcomp program, as real-world hackers do, they modified the program's open-source code to insert their own flaw allowing the buffer overflow.

The researchers claim they were able to "remotely exploit and gain full control over a computer using adversarial synthetic DNA". "A lot of this software wasn't written with security in mind", Ney says. These include universities, gene research institutes, and cloud companies, such as Microsoft, Google or Amazon, which provide compute power for genomic processing.

"We wanted to understand what new computer security risks are possible in the interaction between biomolecular information and the computer systems that analyze it", according to the multidisciplinary team.

We shouldn't ignore its implications for the future, though.

The researchers published a paper detailing their findings, and explained its work in a more readable essay on its web site.

A test tube containing hundreds of billions of copies of the code.

Erlich told the MIT Technology Review that the attack took advantage of a spill-over effect, when data exceeding a certain threshold can be interpreted as a command.

Related News: