Electronics

Infected DNA successfully hacks computer in terrifying experiment

Infected DNA successfully hacks computer in terrifying experiment

The malware was encoded into a gene and used to take over a computer that analyses DNA code. They are also needed to store billions of DNA bases that can be sequences from a single DNA sample.

"The DNA sequencing community, and especially the programmers of bioinformatics tools, should consider computer security when developing software", they wrote. DNA sequencers work by mixing DNA with chemicals that bind differently to DNA's basic units of code-the chemical bases A, T, G, and C-and each emit a different color of light, captured in a photo of the DNA molecules. But their analysis of software used throughout that pipeline found known security gaps that could allow unauthorized parties to gain control of computer systems-potentially giving them access to personal information or even the ability to manipulate DNA results.

For the first time, it was shown that when a gene sequencer analyzes the malicious code encoded in the physical strands of DNA, the resulting data turns into a program that corrupts gene-sequencing software.

As terrifying as this may sound, there is very little risk of your computer being hacked by DNA anytime soon. The hack makes use of technology in which digital bits of data are converted into synthetic DNA.

The researchers started by writing a well-known exploit called a "buffer overflow", created to fill the space in a computer's memory meant for a certain piece of data and then spill out into another part of the memory to plant its own malicious commands.

The new DNA malware will be presented next week at the Usenix Security Symposium in Vancouver.

It should be noted that the exploit created by the researchers didn't target any specific program used by biologists; rather it targeted a modified program with known vulnerability.

Research Ratings: Williams Partners LP (WPZ), Blue Buffalo Pet Products, Inc. (BUFF)
Commerce Bank bought a new position in shares of Blue Buffalo Pet Products during the second quarter worth approximately $281,000. Equities analysts expect that Blue Buffalo Pet Products , Inc. will post $0.92 earnings per share for the current fiscal year.

"Somewhere down the line, when more information is stored in DNA and it's being input and sequenced constantly", Shipman says, "we'll be glad we started thinking about these things". After sequencing, we observed information leakage in our data due to sample bleeding. When the DNA is sequenced, it is processed and analyzed by multiple computer programs, which is called the DNA data processing pipeline.

"We look at emerging technologies and ask if there are upcoming security threats that might manifest, so the idea is to get ahead", says Peter Ney, a graduate student in Kohno's Security and Privacy Research Lab.

The electronic and molecular worlds are converging as scientists refine techniques for sequencing and synthesizing DNA (i.e. reading and writing DNA).

"To be clear, there are lots of challenges involved", said co-author Lee Organick, a research scientist in the Molecular Information Systems Lab. But as the cost of DNA sequencing has plummeted over the last decade, open-source programs have been adopted more widely in medical- and consumer-focused applications.

While they did set the right conditions for the exploit to work, including turning off the exploit mitigation features, they were eventually able to gain full control over the target computer.

Some were written in unsafe languages known to be vulnerable to attacks, in part because they were first crafted by small research groups who likely weren't expecting much, if any, adversarial pressure. (Shipman is married to WIRED senior writer Emily Dreyfuss.) That storage method, while mostly theoretical for now, could someday allow data to be kept for hundreds of years, thanks to DNA's ability to maintain its structure far longer than magnetic encoding in flash memory or on a hard drive.