Published: Fri, August 11, 2017
Electronics | By Jesus Weaver

Infected DNA successfully hacks computer in terrifying experiment

Infected DNA successfully hacks computer in terrifying experiment

A big revolution in genomic sciences is taking place now as the researchers are looking to find new ways to store data using DNA and improve the existing techniques of DNA sequencing. DNA sequencers work by mixing DNA with chemicals that bind differently to DNA's basic units of code-the chemical bases A, T, G, and C-and each emit a different color of light, captured in a photo of the DNA molecules.

However, they also argue there are plenty of "easy" attack vectors if an attacker wanted to target DNA processing machines. When the program analyzes DNA, it reads it like code - allowing the biohacker to take advantage of the security loopholes and take over the computer.

In new research they plan to present at the USENIX Security conference on Thursday, a group of researchers from the University of Washington has shown for the first time that it's possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer.

After sequencing, we observed information leakage in our data due to sample bleeding. "That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA", the researchers said.

To construct the malware, the team translated a computer command into a short stretch of 176 DNA letters.

When that particular DNA strand is processed, the malicious exploit can gain control of the computer that's running the program - potentially allowing the adversary to look at personal information, alter test results or even peer into a company's intellectual property.

In a unusual first, the researchers at the University of Washington have found a way to infect DNA strands with malicious code while DNA sequencing.

When asked by Devin Coldewey of TechCrunch if such a malicious payload could be "delivered via, for example, a doctored blood sample or even directly from a person's body?"

"Second, because multiple DNA samples are often sequenced together, errors inherent in current sequencing processes will cause some of your malicious DNA data to end up in other people's data", Koscher continues. Each dot represents one strand of DNA in a given sample. For example, in 2009 you had to pay around $100,000 to sequence your human genome.

"That means when you're looking at the security of computational biology systems, you're not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they're sequencing", Tadayoshi Kohno, the University of Washington computer science professor who led the project said. "We agree with the premise of the study that this does not pose an imminent threat and is not a typical cyber security capability", Jason Callahan, the chief information security officer at gene-sequencing equipment manufacturer Illumina, told Wired. "It's about considering a different class of threat".

The hack was done as a call to arms to the genetic data processing community to ensure best practices, and to prompt a discussion about the regulations around DNA sequencing.

They used nucleotides, the building blocks of DNA, to produce a code that relates to the individual pixels of each image. "Third, you might envision a scenario where someone (such as a manufacturer of GMO seeds) wants to prevent others from easily sequencing the DNA in products they sell". To start, they demonstrated a technique that is scientifically fascinating - though arguably not the first thing an adversary might attempt, the researchers say.

Like this: