Scientists "hack" a computer using malware encoded in DNA

La Tigre for WIRED

La Tigre for WIRED

Once a data file, such as a book or video, is converted, it can be reproduced into physical strands of synthetic DNA.

Scientists at the University of Washington in Seattle, have successfully been able to code a malware program into a DNA sample and use it to hack into a computer that was studying it. They are also needed to store billions of DNA bases that can be sequences from a single DNA sample.

"The DNA sequencing community, and especially the programmers of bioinformatics tools, should consider computer security when developing software".

They also found known security gaps in numerous open-source software programs that are used to analyze DNA sequencing data.

Having set the right conditions, they were able to "remotely exploit and gain full control over a computer using adversarial synthetic DNA", they note.

To prove their point, the researchers turned a snippet of malicious computer code into a string of synthetic DNA, and then used it to take control of a computer that was programmed to search for patterns in the raw files that emerge from DNA sequencing.

But why would anyone want to hack a computer with a malicious DNA strand? "Our exploit shows that specifically designed DNA can be used to affect computer programs, not living organisms themselves", they wrote.

Regardless of any practical reason for the research, however, the notion of building a computer attack-known as an "exploit"-with nothing but the information stored in a strand of DNA represented an epic hacker challenge for the University of Washington team".

The findings from UW's Security and Privacy Research Lab and Molecular Information Systems Lab are to be presented on August 17 in Vancouver, B.C., at the 26th USENIX Security Symposium.

It should be noted that the exploit created by the researchers didn't target any specific program used by biologists; rather it targeted a modified program with known vulnerability. "While this phenomenon is known to the sequencing community, we provide the first discussion of how this leakage channel could be used adversarially to inject data or reveal sensitive information". "We welcome any studies that create a dialogue around a broad future framework and guidelines to ensure security and privacy in DNA synthesis, sequencing, and processing". When the DNA is sequenced, it is processed and analyzed by multiple computer programs, which is called the DNA data processing pipeline.

Despite this, the researchers said there is no cause for concern-yet. "Thus, while scientifically interesting, we stress that people today should not necessarily be alarmed, as we discuss both above and below".

"As these molecular and electronic worlds get closer together, there are potential interactions that we haven't really had to contemplate before", said Luis Ceze, a co-author of the study. Alphr has contacted the researchers for more information.

'It remains to be seen how useful this would be, but we wondered whether under semi-realistic circumstances it would be possible to use biological molecules to infect a computer through normal DNA processing, ' said co-author Peter Ney. "First, an existing DNA sample could be contaminated with this malicious DNA". They also have to worry about tampered DNA attacking not only humans but computers as well.

Researchers at the UW Molecular Information Systems Lab are working to create next-generation archival storage systems by encoding digital data in strands of synthetic DNA. "I doubt it." But he adds that, with an age of DNA-based data possibly on the horizon, the ability to plant malicious code in DNA is more than a hacker parlor trick.

Latest News