Researchers Successfully Code Malware Into DNA

La Tigre for WIRED

A multidisciplinary team at the University of Washington has found that the security infrastructure around DNA transcription and analysis was inadequate.

The ability to hack into a computer through malware stored in DNA sounds like something out of a science fiction movie. But once that code is changed, it sits dormant until the machine sequences a hostile string of DNA.

This command was created to target a particular flaw that the team had previously discovered in the DNA processing programme.

In a nutshell, malware is decompiled into binary data, then those 1s and 0s are assigned to the C, G, A, and T nucleobases in physical DNA.

The researchers also managed to hide malicious code in synthetic DNA, which turned into executable malware when the DNA was analysed by a computer. But their analysis of software used throughout that pipeline found known security gaps that could allow unauthorized parties to gain control of computer systems - potentially giving them access to personal information or even the ability to manipulate DNA results. "We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven't really had to contemplate before".

To carry out the hack, researchers led by Tadayoshi Kohno ("see "Innovators Under 35, 2007") and Luiz Ceze encoded malicious software in a short stretch of DNA they purchased online".

Researchers hypothesized that it may be possible to produce malware-laden DNA strands that, if sequenced and analyzed, could compromise a computer. Genetic researchers have actually used DNA to store data, such as Amazon gift cards, GIFs, and books.

For example, they point out that there is nothing stopping a member of one of several major DNA research institutes from submitting a malicious sequencing file.

The researchers emphasized that this is an extremely early experiment in what might be possible, but that they're publishing their findings in hopes that the medical research community starts to think more seriously about computer security.

Co-author Lee Organick, a research scientist in the Molecular Information Systems Lab, said someone would have to overcome "lots of challenges" to pull this off.

However, it does highlight the need for security researchers to be one step ahead of criminals, and keep track of emerging technology before it can be exploited.

Output from a sequencing machine that includes the team's exploit, which is being sequenced with unrelated strands. Rather than exploit an existing vulnerability in the fqzcomp program, as real-world hackers do, they modified the program's open-source code to insert their own flaw allowing the buffer overflow.

"We have no evidence to believe that the security of DNA sequencing or DNA data in general is now under attack", they said.

Researchers at the University of Washington.

The tiny movie, consisting of just five frames, shows a thoroughbred mare named Annie G galloping in 1887.

The team also conducted a thorough examination of the current bioinformatics software tools commonly used by researchers today. Computers are used to process and analyze the data in someone genome.

Related News: