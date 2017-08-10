“The DNA sequencing community, and especially the programmers of bioinformatics tools, should consider computer security when developing software”. What is a DNA sequencing pipeline? Researchers said they were able to hack a software program using DNA, which means it’s possible for criminals to try to do the same.

In a paper that will be presented at a security symposium in Vancouver, Canada, on August 17, researchers explained how they stored malware in synthetic DNA, then gained control of the computer by targeting security loopholes in the DNA analysis software. It is well known in computer security that any data used as input into a program may contain code created to compromise a computer.

In July, researchers from Harvard University revealed the first film stored in bacterial DNA. The nascent technology converts the 1s and 0s of computing’s binary code into A, C, G and T, the letters that correspond to DNA base types, adenine, cytosine, guanine and thymine. While it’s clear that these types of attacks are possible, they remain hard in practice, as it is challenging to synthesize malicious DNA strands, and to find relevant vulnerabilities in DNA processing programs.

Similar techniques have been used to store data on DNA, but in this instance the team encoded the sequence with a piece of malware that it knew would infect the computer.

How might attackers go about inserting a malicious code into synthetic DNA?

After sequencing, we observed information leakage in our data due to sample bleeding. When that DNA is analyzed, the code can become executable malware that attacks the computer system running the software.

When this strand was sequenced and processed by the vulnerable program, the code infected the software and took control of the computer doing the processing. “Said another way, our exploit is created to compromise a computer program involved in the DNA sequencing pipeline (and a program intentionally modified to include a vulnerability)”.

While they did set the right conditions for the exploit to work, including turning off the exploit mitigation features, they were eventually able to gain full control over the target computer.

A doctored biological sample could even be used as a vector for malicious DNA to be processed downstream after sequencing, and executed. “Even if you were successfully able to get it into the sequencer for sequencing, it might not be in any usable shape (it might be too fragmented to be read usefully, for example)”.

“We have no evidence to believe that the security of DNA sequencing or DNA data in general is now under attack”.

A big revolution in genomic sciences is taking place now as the researchers are looking to find new ways to store data using DNA and improve the existing techniques of DNA sequencing.

Not an immediate threat, but latest successful DNA hack proves that biologists just don’t have to worry about creating or spreading a risky stretch of genetic code that could result in an infectious disease. They then fed this sample into a computer through a DNA sequencing machine that began decoding the sample.

In the study, which will be presented August 17 in Vancouver, B.C., at the 26th USENIX Security Symposium, the team also demonstrated for the first time that it is possible – though still challenging – to compromise a computer system with a malicious computer code stored in synthetic DNA. “It’s about considering a different class of threat”.

The danger of such an attack is still years away, the researchers said, adding they haven’t seen evidence of hackers attempting this sort of breach.