Researchers Hack DNA Sequencing Tools, Genetic Histories Revealed

La Tigre for WIRED

In a unusual first, the researchers at the University of Washington have found a way to infect DNA strands with malicious code while DNA sequencing. Bio-security researchers from the University of Washington, however, are looking at DNA from a completely different perspective.

Researchers believe the remarkable feat could one day become practical for illegal hacking as DNA sequencing becomes more popular and powerful.

This data file tells researchers what sequence their DNA had as well as the quality of the read.

"We have no evidence to believe that the security of DNA sequencing or DNA data in general is now under attack", the research team said in a statement. "This is something [the genomics industry] and the USA government should be concerned about", said Tadayoshi Kohno, a computer-science professor at the university and a member of the research team.

"Instead, we'd rather say, 'Hey, if you continue on your current trajectory, adversaries might show up in 10 years. So let's start a conversation now about how to improve your security before it becomes an issue'".

'We don't want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information, ' said study co-author Dr Luis Ceze.

In the new paper, researchers from the UW Security and Privacy Research Lab and UW Molecular Information Systems Lab offer recommendations to strengthen computer security and privacy protections in DNA synthesis, sequencing and processing.

To speed up the processing, the images are divided into thousands of chunks, and analyzed in parallel - all data comprising their attack had to fit into just a few hundred such bases, to increase the likelihood it would remain intact throughout the sequencer's parallel processing.

Scientists have synthesised a strand of DNA that can be used to hack computers in a world first.

DNA is, at its heart, a system that encodes information in sequences of nucleotides.

To create optimal conditions for an adversary, they introduced a known security vulnerability into a software program that's used to analyze and search for patterns in the raw files that emerge from DNA sequencing.

Researchers demonstrated for the first time that it is possible to remotely compromise a computer using information stored in DNA.

"To be clear, there are lots of challenges involved", said co-author Lee Organick, a research scientist in the Molecular Information Systems Lab.

How might attackers go about inserting a malicious code into synthetic DNA? "But we found it is possible".

In addition to setting out to prove that malware could be coded into DNA, the team also wanted to show that the programs used to read DNA are not following cyber security best practices.

Companies that manufacture synthetic DNA strands and mail them to scientists are already on the alert for bioterrorists. For example, if an attacker knew DNA samples will be sequenced on a computer they contaminate blood and saliva samples with a specially crafted synthetic gene.

They started by writing a well-known exploit - a "buffer overflow" - created to fill space in a computer's memory intended for certain data, then spill out into another part of the memory banks to plant malicious commands. For example, even simple software analysis tools can find many security problems and help people determine which elements of programs need to be rewritten.

Threats from DNA strands being sequenced and used as a vector for computer attacks have not been under consideration up until now, researchers argue.

The point of the research seems to be to highlight a potential future problem that needs to be quickly addressed.



Other news