Malware stored in synthetic DNA can take over PC

Share

Through trial and error, the team found a way to include executable code-similar to computer worms that occasionally wreak havoc on the internet-in synthetic DNA strands.

Threats from DNA strands being sequenced and used as a vector for computer attacks have not been under consideration up until now, researchers argue. They are also needed to store billions of DNA bases that can be sequences from a single DNA sample. For example, even simple software analysis tools can find many security problems and help people determine which elements of programs need to be rewritten. Bio-security researchers from the University of Washington, however, are looking at DNA from a completely different perspective.

They said closing the security gaps in the software that's used for analyzing DNA is mostly a matter of following best practices in the computer industry.

University of Washington researchers have successfully encoded malware into DNA strands, using it to exploit a computer that analyzed the genetic material in a groundbreaking world first.

As terrifying as this may sound, there is very little risk of your computer being hacked by DNA anytime soon. Companies could even place malicious code in the DNA of genetically modified products, as a means of protecting trade secrets.

By doing this, they have exposed a weakness in systems that could lead to hackers taking control of computers in research centres, universities and laboratories, reports MIT technology review.

The new DNA malware will be presented next week at the Usenix Security Symposium in Vancouver.

"Somewhere down the line, when more information is stored in DNA and it's being input and sequenced constantly", Shipman says, "we'll be glad we started thinking about these things". "We agree with the premise of the study that this does not pose an imminent threat and is not a typical cyber security capability", Jason Callahan, the chief information security officer at gene-sequencing equipment manufacturer Illumina, told Wired.

More news: Kenya protesters say police firing on them

"Instead, we'd rather say, 'Hey, if you continue on your current trajectory, adversaries might show up in 10 years".

"We wondered whether under semi-realistic circumstances it would be possible to use biological molecules to infect a computer through normal DNA processing", says study co-author Peter Ney.

"We don't want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information", said co-author and Allen School associate professor Luis Ceze.

The electronic and molecular worlds are converging as scientists refine techniques for sequencing and synthesizing DNA (i.e. reading and writing DNA). "Biologically-benign but digitally-malicious code could potentially be implanted to thwart others from analyzing that DNA".

"However, getting the malicious DNA strand from a doctored sample into the sequencer is very hard with many technical challenges".

When the researchers sent their carefully crafted attack to DNA synthesis service Integrated DNA Technologies, they found DNA had other restrictions too. "Said another way, our exploit is created to compromise a computer program involved in the DNA sequencing pipeline (and a program intentionally modified to include a vulnerability)".

Researchers at the UW Molecular Information Systems Lab are working to create next-generation archival storage systems by encoding digital data in strands of synthetic DNA.

The fixes are relatively straightforward, but programmers will have to be as careful about DNA code as they are about the more usual kind of computer code.

Share