A big revolution in genomic sciences is taking place now as the researchers are looking to find new ways to store data using DNA and improve the existing techniques of DNA sequencing. "Many were written in programming languages known to routinely contain security problems, and we found early indicators of security problems and vulnerable code".
When biologists synthesize DNA, they take pains not to create or spread a unsafe stretch of genetic code that could be used to create a toxin or, worse, an infectious disease. However, they should be prepared before these attack vectors are adopted by the criminal community.
We demonstrate, for the first time, the synthesis of DNA which - when sequenced and processed - gives an attacker arbitrary remote code execution.
In what might prove to be a more target-rich area for an adversary to exploit, the research team also discovered known security gaps in many open-source software programs used to analyze DNA sequencing data.
Researchers at the University of Washington took control of a machine using a malicious strand of DNA in what is being considered the first "DNA-based exploit of a computer system".
After sequencing, we observed information leakage in our data due to sample bleeding. The synthetic strands were passed through a sequencing machine, which converted the gene letters into binary digits, 0s and 1s. "That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA".
To create the malware, the researchers translated a computer command into a stretch of 176 DNA letters.
Jumping Genes Inactivated with CRISPR in Pigs
Next, the company needs to make sure it can consistently replicate virus-free pigs, which it's already well on its way to doing. Alternatively, human cells populating the germline of an animal could enable human genes to pass onto offspring.
Regardless of any practical reason for the research, however, the notion of building a computer attack-known as an "exploit"-with nothing but the information stored in a strand of DNA represented an epic hacker challenge for the University of Washington team". The result of their work is a hack that can break out of the FASTQ program and into other blocks of memory contained within a computer running the DNA sequencing.
"It remains to be seen how useful this would be, but we wondered whether under semi-realistic circumstances it would be possible to use biological molecules to infect a computer through normal DNA processing", said co-author and Allen School doctoral student Peter Ney.
When asked by Devin Coldewey of TechCrunch if such a malicious payload could be "delivered via, for example, a doctored blood sample or even directly from a person's body?" "For now, these attacks are hard in practice because it is challenging to synthesise malicious DNA strands and to find relevant vulnerabilities in DNA processing programs". In another scenario, as different DNA samples are often sequenced together, errors in a sequencing process could cause the malicious data in a DNA to end up in other people's data. "Even if you were successfully able to get it into the sequencer for sequencing, it might not be in any usable shape (it might be too fragmented to be read usefully, for example)". But one group of bio-hackers has demonstrated how DNA can carry a less expected threat-one created to infect not humans or animals but computers.
This pipeline includes any facility that accepts DNA samples for computer-based gene sequencing and processing.
"This is something [the genomics industry] and the USA government should be concerned about", Tadayoshi Kohno, a member of the research team and a professor at the University of Washington, tells WSJ.
Researchers are instead warning the DNA sequencing community about the vulnerabilities they found and suggest that they should address the security risks before criminals try to attack.
DNA is built up of foundational units called nucleotides. Let's not even go to that whole bio-cyber-weapon theory...