Scientists "hack" a computer using malware encoded in DNA


When the program analyzes DNA, it reads it like code - allowing the biohacker to take advantage of the security loopholes and take over the computer. What is a DNA sequencing pipeline?

The malware encoded in the DNA exploited a buffer overflow, a software flaw that occurs when input exceeds an allocated block of memory and spills over into adjacent memory, which can cause the execution of malicious code.

In an odd first, researchers at the University of Washington have found a way to infect DNA strands with malicious code that takes effect when the DNA is sequenced and analyzed. "Many were written in programming languages known to routinely contain security problems, and we found early indicators of security problems and vulnerable code".

University of Washington researchers figured out a way to use biology to infect computers with malicious code. However, they should be prepared before these attack vectors are adopted by the criminal community. The researchers started by writing a well-known type of exploit called a "buffer overflow", designed to fill the space in a computer's memory meant for a certain piece of data and then spill out into another part of the memory to plant its own malicious commands.

Once inserted into the genome of E. coli, the data can then be retrieved by sequencing the DNA, and the images are reconstructed by reading the pixel nucleotide code, which was achieved with around 90 per cent accuracy.

So far, the researchers stress, there's no evidence of malicious attacks on DNA synthesizing, sequencing and processing services.

"Somewhere down the line, when more information is stored in DNA and it's being input and sequenced constantly", Shipman says, "we'll be glad we started thinking about these things".

The findings from UW's Security and Privacy Research Lab and Molecular Information Systems Lab are to be presented on August 17 in Vancouver, B.C., at the 26th USENIX Security Symposium.

But these letters can also be used to store information that can be analyzed by a computer - and that's exactly what the Washington team did. Software that reads DNA will translate gene letters into binary digits of 0 and 1.

The synthetic strand targeted a buffer overflow that the scientists had intentionally inserted into FASTQ, a program used to sequence DNA. The researchers were then able to remotely exploit this machine using adversarial synthetic DNA.
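The letters-to-bits translation and the fixed-size buffer described above, seen from the defensive side: an added C sketch (not the researchers' code, nor the program they modified) that packs a read into a fixed buffer and rejects anything that would not fit. The 2-bit mapping, `MAX_BASES` and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_BASES    64               /* assumed per-read limit, not from the article */
#define PACKED_BYTES (MAX_BASES / 4)  /* four bases per byte at 2 bits each */

/* Assumed mapping: A=00, C=01, G=10, T=11. Any other character yields -1. */
static int base_to_bits(char b)
{
    switch (b) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/*
 * Pack `len` bases from `read` into out[PACKED_BYTES], first base in the
 * high bits of each byte.
 * Returns the number of bases packed, -1 if the read is longer than the
 * buffer can hold, or -2 if it contains a character that is not A/C/G/T.
 */
int pack_read(const char *read, size_t len, uint8_t out[PACKED_BYTES])
{
    /* The length check comes before any write. Without it, a read longer
     * than MAX_BASES would make the loop below write past the end of
     * `out` into adjacent memory, which is the overflow the article
     * describes. */
    if (len > MAX_BASES)
        return -1;

    memset(out, 0, PACKED_BYTES);
    for (size_t i = 0; i < len; i++) {
        int bits = base_to_bits(read[i]);
        if (bits < 0)
            return -2;  /* reject unexpected input instead of guessing */
        out[i / 4] |= (uint8_t)(bits << (6 - 2 * (i % 4)));
    }
    return (int)len;
}
```
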

When asked by Devin Coldewey of TechCrunch if such a malicious payload could be "delivered via, for example, a doctored blood sample or even directly from a person's body?", the reply was: "A doctored biological sample could indeed be used as a vector for malicious DNA to get processed downstream after sequencing and be executed". "For now, these attacks are hard in practice because it is challenging to synthesise malicious DNA strands and to find relevant vulnerabilities in DNA processing programs".

While creating sensational headlines, the team of "biohackers" also added that there is no immediate concern of such an attack happening as the possibility of a DNA hack remains theoretical.

While the researchers hinted that hackers could one day use their method to access sensitive data, the DNA malware doesn't currently pose a threat.

Nonetheless, they did prove a DNA strand could be used to hack hardware.

It is not an immediate threat, but the latest successful DNA hack proves that biologists don't just have to worry about creating or spreading a risky stretch of genetic code that could result in an infectious disease.

"This is something [the genomics industry] and the USA government should be concerned about", Tadayoshi Kohno, a member of the research team and a professor at the University of Washington, tells WSJ.