Nowadays, people seem to be able to hack into anything using pretty much everything, and recently, this has been proven right when a team of researchers said that they managed to incorporate a malware into a genetic molecule and then take over the computer that was used to analyze it.
This biological malware, which they call the first DNA-based exploit of a computer system, was created by scientists at the University of Washington, Seattle.
A group of researchers led by Tadayoshi Kohno and Luiz Ceze carried out the hack by first purchasing a short stretch of DNA online and then encoding it with a malicious software. They then used it to gain full control of the computer that was processing the genetic data after the DNA was read by a DNA sequencing machine.
What the researchers wanted to show with this experiment was to warn that hackers could use fake blood or spit samples to slide into university computers, steal information from police forensic labs or infect genome files shared by scientists one day in the future.
But for now, this newly made DNA malware isn’t that much of a threat. The researcher themselves admitted to temper the chances of success by creating the best possible environment for the malware to thrive, going as far as adding a vulnerability to a bioinformatics program.
Yaniv Erlich, a geneticist, and programmer who is the chief scientific officer of MyHertige.com, a genealogy website said that the researchers’ exploit is basically unrealistic.
This new DNA malware is waiting to be presented at the Usenix Security Symposium in Vancouver next week. Peter Ney, a graduate student in Kohno’s Security and Privacy Research Lab says that they are trying to get ahead of upcoming security threats that could manifest themselves.
The researchers made the malware by translating a simple computer command into a short stretch of 176 DNA letters, labeled A, C, G and T. They then ordered copies of the DNA from a vendor for $89 and fed the strands to a sequencing machine, which read of the gene letters, storing them as binary digits, 0s and 1s.
The attack took advantage of a spillover effect, which is when data that exceeds a storage buffer can be interpreted as a computer command, as Elrich said. The command then contacted a server controlled by Kohno’s team, making them take control of a computer in their lab they were using to analyze the DNA file.
Synthetic DNA strands manufacturers have already been alerted to the threat of bioterrorists. As the researchers suggest, the future holds the possibility of DNA sequences being computer threats.
The team of researchers also points that hackers could opt for a more traditional method of targeting people’s genetic data, specifically because it is increasingly appearing online and even being accessed through app stores.
James Bonfield, a bioinformatics expert at the Sanger Institute in the United Kingdom says that there are cases of scientific programs used to organize and interpret data not being actively maintained which could create risks. Bonfield says he authored the program that the University of Washington researchers targeted in their attack.