Scientists have synthesised a strand of DNA that can be used to hack computers in a world first.
For the first time, it was shown that when a gene sequencer analyzes the malicious code encoded in the physical strands of DNA, the resulting data turns into a program that corrupts gene-sequencing software. They hope that their research will encourage the DNA sequencing community to be more proactive in addressing computer security risks and follow secure software best practices when coding bioinformatics software.
In present scenario, without a doubt, the possibility of this sci-fi hacking attack is distant.
The team has demonstrated for the first time that it is possible-though still challenging-to compromise a computer system with a malicious computer code stored in synthetic DNA. "It's about considering a different class of threat". "Third, you might envision a scenario where someone (such as a manufacturer of GMO seeds) wants to prevent others from easily sequencing the DNA in products they sell". Especially given that the DNA samples come from outside sources, which may be hard to properly vet.
However, researchers point out hackers still have a long way to go before they'd be able to create the code to be turned into DNA strands - which wasn't easy at all. "So, let's start a conversation now about how to improve your security before it becomes an issue, '" said Kohno, whose previous research has provoked high-profile discussions about vulnerabilities in emerging technologies, such as internet-connected automobiles and implantable medical devices.
Erlich says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command.
The technology to encode malware into DNA involves converting computer binary code 1's and 0's into A, C, G, and T, the letters of DNA base types, adenine, cytosine, guanine, and thymine. To speed up the processing, the images of millions of bases are split up into thousands of chunks and analyzed in parallel. For their sample to remain stable, they needed to maintain a certain ratio of Gs and Cs to As and Ts.
"In a nutshell, we believe that software used to analyze DNA sequencing data should be subject to the same level of security vulnerability scrutiny as other software packages", study co-author Luis Ceze, an Allen School associate professor, said in an email to GeekWire. All of that meant the group had to repeatedly rewrite their exploit code to find a form that could also survive as actual DNA, which the synthesis service would ultimately send them in a finger-sized plastic vial in the mail. What is a DNA sequencing pipeline?
The researchers point out that while the attack is now far from viable, it is still a worrisome proof-of-concept.
A big revolution in genomic sciences is taking place now as the researchers are looking to find new ways to store data using DNA and improve the existing techniques of DNA sequencing. "A lot of this software wasn't written with security in mind", Ney says.
While they did set the right conditions for the exploit to work, including turning off the exploit mitigation features, they were eventually able to gain full control over the target computer.
Needless to say, any possible DNA-based hacking is years away. University of Washington researchers partnered with Microsoft past year to set a new record for the amount of data stored in the molecules, at 200 megabytes. "This is interesting research about potential long-term risks".