In what could possibly be a sci-fi plot in a movie is now a reality, as researchers hack a computer using synthetic DNA.
A research team at the University of Washington revealed hackers were able to encode malware into a short strand of DNA. They programmed the virus to launch on its own when run through the DNA sequencing system, which it enabled it to take control of the computer, where it can read future DNA sequences or even alter generic data.
The results, therefore, indicate that it is technically possible to use DNA as a way to transfer malware and attack vulnerabilities in the sequencing computer program. Past research has already shown that it is possible to transfer data using DNA. In 2016, Microsoft and the University of Washington demonstrated a technique for storing and retrieving digital images using DNA. However, many fear of potential problems in the future with new possible ways to hack.
What complications can the new study hold?
While the exploit is still hypothetical, it does expose a major security flaw that could pose a significant problem in the future. The new study demonstrates how the process could work; clearly indicating how an artificial modified blood or DNA sample could corrupt a computer system. Additionally, gene-sequencing prices are dropping rapidly. In 2001, it cost about $100 million to sequence a genome. It now costs about $1000, and it will only get cheaper, particularly as the quest for valuable medicine continues. Potential problems faced in future may include criminal DNA results being tampered, or even valuable DNA data banks being stolen.
Nevertheless, researchers identified the process to be very complicated to carry out and required the computer to be connected to a generic sequencing machine. The study also identified that it aimed directly at the infrastructure around the DNA transcription and analysis industry and not at everyday computers used in homes or offices. Given that they found elementary vulnerabilities in open-source software used in labs around the world. In which is seen as a serious problem going forward, due to the nature of the data that is being handled.
Additionally, researchers have highlighted that the technique is currently just a proof-of-concept experiment requiring intentional modification of a computer program to allow the DNA-based exploit to take hold. A research scientist in the Molecular Information System Lab, Lee Organick, stated that
“To be clear, there are lots of challenges involved. Even if someone wanted to do this maliciously, it might not work. But we found it is possible.”
Overall the point of the research seems to be to highlight a potential future problem that needs to be quickly addressed. The study notes that there is no known evidence of outside attacks on DNA analysis software at this time, but as these technologies become more universal our current computational ecosystem need to be secured.
The researchers will present their findings in a paper at the Usenix Security Symposium in Vancouver this month.