Researchers inject malware code in a strand of DNA

With each passing day, hackers are using innovative ways to breach cyber security systems. One such inventive method of hacking a computer is via DNA.

Researchers at the University of Washington claims to have successfully injected a malware program into a DNA sample and use it to hack into a computer that analyzes the sequence of that DNA. In other words, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer.

The team also explained its work in a more readable essay on its website that provides suggestions to tighten computer security and privacy protections in DNA synthesis, sequencing, and processing.

One of the big things we try to do in the computer security community is to avoid a situation where we say, ‘Oh shoot, adversaries are here and knocking on our door and we’re not prepared,’” co-author Tadayoshi Kohno, a professor at UW’s Paul G. Allen School of Computer Science and Engineering, said in a statement. “Instead, we’d rather say, ‘Hey, if you continue on your current trajectory, adversaries might show up in 10 years. So let’s start a conversation now about how to improve your security before it becomes an issue.’”

The researchers through trial and error successfully proved that it is possible to infect a computer with a malware that was coded into a strand of DNA and which when inserted into the gene-sequencing process, could allow an attacker to gain control of that system.

To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program,” they wrote. “We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand. When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.”

Should we be worried with this finding at this point of time? Well, not really. “We don’t want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information,” said author and Allen School Associate Professor Luis Ceze. “We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven’t really had to contemplate before.”

However, the finding is been considered as a significant breakthrough in the growing overlap between the digital and the biological world. As sequencing becomes cheaper and more popular, there are chances of more DNA-encoded cyberthreats.

The researchers asserted that, “It is time to improve the state of DNA security. We encourage the DNA sequencing community to proactively address computer security risks before any adversaries manifest.”

The researchers plan to discuss their findings at the USENIX Security Symposium in Vancouver during a presentation on August 17.