Scientists working at the University of Washington have successfully hacked into a computer using custom strands of DNA. This is the first time this feat has been achieved. This may seem like something from a 1970s pulp science fiction but the scientists managed to use the nucleic acid to attack and take over a computer. This was through the use of strands of DNA which transmitted a computer virus, crossing the divide between the biological and digital realms.
Following advances with the biosynthesis of nucleic material, and following the reported success of DNA as a storage medium (“Computer operating system and movie stored on DNA“), the synthesis of DNA can be sequenced and processed to provide an attacker arbitrary remote code execution. While this has stood as a theory, until now, the feasibility of using DNA to hack a computer has now been demonstrated.
The scientists used the four bases in DNA, adenine, cytosine, guanine and thymine to encode malware. This was then read by a piece of DNA sequencing equipment. Through this the molecular code was converted into computer code, and this malicious software proved capable of taking over the computer connected to the DNA sequencer. This is important since many start-ups are looking into the use of DNA as a storage medium. DNA has a data density in orders of magnitude far higher than any conventional storage systems (“Major tech companies see DNA storage as the future.”) The reason for the interest in DNA for data storage is because just 1 gram of DNA able to represent close to 1 billion terabytes (1 zettabyte) of data.
According to the lead researchers Tadayoshi Kohno and Luis Ceze, who are based at the Paul G Allen school of computer science and engineering (University of Washington): “We designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand.”
The scientists go on to explain: “When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.”
For the attack, the researchers performed a cyber-assault on a modified downstream sequencing utility with a deliberately introduced vulnerability. After sequencing, they observed information leakage in data due to sample bleeding. The researchers showed how such a leakage channel could be used adversarially to inject data or reveal sensitive information.
The researchers have gone onto to develop a broad framework and guidelines to safeguard security and privacy in DNA synthesis, sequencing, and processing. However, is there a major concern? The Guardian notes that the hack was only possible because of weakness in the DNA sequencing software, and only in this specific instance.
The new research has been presented to the peer-reviewed USENIX Security Symposium, which is taking place in August 2017. A supporting white paper has been issued: “Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More.”
If you found this article on computer vulnerability of interest, then Digital Journal’s recent article on quantum computers is of relevance. While quantum computers promise many things, including faster processing speed and the ability to perform complex calculations, can these devices be trusted with sensitive information?
