A group of scientists successfully hacked a computer using a malicious program coded in a DNA strand. You might be wondering why would they do that. Well, in future, attackers could use DNA sequencing pipeline to hack any computer. Although it is far complex and quite impossible considering the present security system, it’s interesting to observe such possibilities.
For those, who don’t know DNA sequencing pipeline – it includes facilities that accept DNA sample for machine-based gene processing. An attacker could alter forensic evidence if he is able to inject malicious code into DNA.
The information technology and medical field have long influenced each other. The recent enhancement in DNA sequencing has sparked a huge data revolution in genomic science, which has also led to the expansion of bioinformatic tools. Researchers are now looking for new techniques to store information using DNA and improve the existing methodology of DNA sequencing.
For the first time, researchers at the University of Washington have shown that DNA infected with a malicious code could affect the machine reading it. Attackers infect files shared by scientists, or steal information from police forensics labs.
According to the research team, they have analyzed the commonly used security practices and open source programs. Many of them were written in programming languages that already have security issues, and they found early indicators of vulnerable code.
It is important to note that the scientists created the “best possible” circumstances of success by disabling current security feature and integrating a vulnerability to bioinformatics software.
How This DNA Hack Works
DNA stores biological data in four basis of nucleic acid (A, T, C and G). After sequencing, the data is processed/analyzed by computer software. Since any form of input can have malicious script, this time malware has been injected into DNA strands.
To make this sci-fi hack work, the team developed a synthetic DNA strand (with malicious script), and added a small security vulnerability in DNA processing software. They translated a machine command into 176 DNA letters (A, T, C and G). Then, they purchased synthetic DNA for $89, and fed the adjusted strands to a sequencing machine. As usual, machine read the letter and stored the data in binary digits 1s and 0s.
When this DNA strand was processed by vulnerable software, it allowed remote control of the machine doing the processing. The team were able to gain full control over a machine and exploit it remotely.
This study shows that a biological sample can be used as a vector for malicious DNA strand. However, it is extremely complex and involves various technical challenges. Even if one successfully gets it into the sequencer for sequencing, it might be too fragmented to be processed.
‘When you are looking at biological system security, you are not only considering about the USB drive or network connectivity or any person with the keyboard, but also the data stored in DNA they are processing’, Tadayoshi Kohno said, professor who led the project. ‘It is about taking a different class of threats into consideration’, he added.
If attackers somehow do manage to inject malicious code in DNA, they could potentially use fake spit samples or blood cells to gain access on investigation, steal information, and alter code of genetically modified products. Let’s not dig into the whole biology cyber weapon theory.
DNA use for handling digital information is gradually becoming a reality. Recently, a team at Harvard, encoded a video in a DNA sample. Because of the DNA’s ability to maintain its formation longer than magnetic encoding on hard drive, the DNA storage method will someday allow information to be kept for hundreds of years.