Researchers remotely compromise a computer using malicious code hidden in synthetic DNA

Using a fake blood, mucus, or urine sample, it might be possible for hackers to gain access to and take over entire systems, warned the scientists.

In an odd first, researchers at the University of Washington have found a way to infect DNA strands with malicious code during DNA sequencing.

Also, bioinformatics software presents a soft target for hackers, since it generally isn't hardened against software attacks, and patching may be hard because most of this software isn't managed from a central code repository. The researchers then encoded an exploit into a synthetic DNA strand created to attack the flaw and the system it operated on. "Instead, we view these results as a first step toward thinking about computer security in the DNA sequencing ecosystem." "It's about considering a different class of threat." But as genetic sequencing is increasingly handled by centralized services (often run by university labs that own the expensive gene sequencing equipment), that DNA-borne malware trick becomes ever so slightly more realistic.

First, it's important to realize how important computers are when it comes to DNA.

If hackers did pull off the trick, the researchers say they could potentially gain access to valuable intellectual property, or possibly taint genetic analysis like criminal DNA testing.

However, they also argue there are plenty of "easy" attack vectors if an attacker wanted to target DNA processing machines.

A team of researchers from the University of Washington has given a new meaning to the term computer virus by coding malware directly into a DNA strand. When DNA is sequenced, it is processed and analyzed by multiple computer programs, together called the DNA data processing pipeline. Even if an attacker were able to get it into a sequencer, it may not be in readable form. So all the data that comprised their attack had to fit into just a few hundred DNA bases, to increase the likelihood it would remain intact throughout the sequencer's parallel processing. The researchers note there are no known examples of such an attack.

[Figure caption: Each dot represents one DNA strand in a given sample.]

They said closing the security gaps in the software that's used for analyzing DNA is mostly a matter of following best practices in the computer industry. The study exposes the security risks associated with DNA sequencing, which can compromise some of the most intimate details about people. As DNA sequencing becomes more popular and technology to store computer data inside DNA becomes more practical, future cyber attacks could originate from malware stored in DNA.

The researchers point out that while the attack is currently far from viable, it is still a worrisome proof-of-concept.

It should be noted that the exploit created by the researchers didn't target any specific program used by biologists; rather, it targeted a modified program with a known vulnerability.

In a paper that will be presented at a security symposium in Vancouver, Canada, on August 17, researchers explained how they stored malware in synthetic DNA, then gained control of the computer by targeting security loopholes in the DNA analysis software. "A lot of this software wasn't written with security in mind," Ney says.

To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s. But they said the cybersecurity angle shouldn't be ignored as DNA-based computing progresses.
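The letters-to-bits step described above is the point where a physical sample becomes untrusted program input. The following is an added example, not code from the researchers or the original article, of a packer that checks read length and alphabet before converting bases to bits; the 2-bit mapping, the length limit and the sample reads are assumptions constructed for illustration.

```python
"""Added example: treat sequencer reads as untrusted input before packing to bits."""

# Assumed 2-bit mapping; the article only says letters are stored as 0s and 1s.
BASE_BITS = {"A": 0b00, "C": 0b01, "G": 0b10, "T": 0b11}
MAX_READ_LEN = 300  # assumed pipeline limit ("a few hundred" bases per read)


class ReadRejected(ValueError):
    """Raised when a read fails validation."""


def pack_read(read, max_len=MAX_READ_LEN):
    """Validate one read, then pack it at 2 bits per base (4 bases per byte)."""
    if not 0 < len(read) <= max_len:
        raise ReadRejected(f"length {len(read)} outside 1..{max_len}")
    bad = set(read) - set(BASE_BITS)
    if bad:
        raise ReadRejected(f"unexpected symbols {sorted(bad)}")
    # Output buffer is sized from the validated input length.
    out = bytearray((len(read) + 3) // 4)
    for i, base in enumerate(read):
        out[i // 4] |= BASE_BITS[base] << (6 - 2 * (i % 4))
    return bytes(out)


def unpack_read(packed, n_bases):
    """Inverse of pack_read, used to check that packing round-trips."""
    return "".join("ACGT"[(packed[i // 4] >> (6 - 2 * (i % 4))) & 0b11]
                   for i in range(n_bases))


def screen_reads(reads):
    """Pack every acceptable read; collect (index, reason) for the rest."""
    accepted, rejected = [], []
    for idx, read in enumerate(reads):
        try:
            accepted.append(pack_read(read))
        except ReadRejected as exc:
            rejected.append((idx, str(exc)))
    return accepted, rejected


# Constructed sample reads (not real sequencer output).
SAMPLE_READS = ["ACGT" * 44,   # 176 bases, the strand length in the article
                "ACGTNNAC",    # symbol outside the expected alphabet
                "A" * 301,     # longer than the assumed pipeline limit
                "ACG"]         # short read, zero-padded to one byte

if __name__ == "__main__":
    ok, bad = screen_reads(SAMPLE_READS)
    print(len(ok), "accepted;", bad)
```

At 2 bits per base, a 176-letter strand carries only 44 bytes, which is why the whole payload had to be so small.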