Could DNA catch a virus?

Sci­en­tists suc­cess­fully trans­fer mal­ware via a DNA sam­ple

PC Pro - - November 2017 Issue 277 -

Sci­en­tists suc­cess­fully trans­fer mal­ware via a DNA sam­ple, but don’t panic just yet.

re­searchers have dis­cov­ered it’s pos­si­ble to bury mal­ware in one of the most un­likely places pos­si­ble – in­side hu­man DNA sam­ples.

DNA is be­ing stud­ied by tech­ni­cians at Mi­crosoft and other tech com­pa­nies as a means of stor­ing data in less space than we do to­day. It of­fers huge po­ten­tial, but re­searchers at the Univer­sity of Wash­ing­ton have warned that devel­op­ers must con­sider the se­cu­rity of soft­ware tools work­ing with DNA, as they could pro­vide a rich en­vi­ron­ment for mal­ware to thrive.

“We don’t want to alarm peo­ple or make pa­tients worry about ge­netic test­ing,” said associate pro­fes­sor Luis Ceze. “But as th­ese molec­u­lar and elec­tronic worlds get closer to­gether, there are po­ten­tial in­ter­ac­tions that we haven’t re­ally had to con­tem­plate be­fore.”

DNA se­quences are typ­i­cally stored as an ASCII string of let­ters –A, T, C and G – and the re­searchers cre­ated a sim­i­larly coded ex­ploit that could be trans­lated into nu­cleic acids to cre­ate a DNA strand that could be syn­the­sised.

Once sent to a com­puter run­ning DNA-se­quenc­ing soft­ware, the em­bed­ded code made the ma­chine con­nect to the re­searchers’ re­mote server, giv­ing them con­trol over the com­puter and ac­cess to its data.

Al­though the test took place in a re­duced se­cu­rity en­vi­ron­ment, the re­searchers said the DNA pro­grams used in many op­er­a­tions were open source and lacked se­cu­rity fea­tures.

“Some were writ­ten in un­safe lan­guages known to be vul­ner­a­ble to at­tacks, in part be­cause they were first crafted by small re­search groups who weren’t ex­pect­ing much, if any, ad­ver­sar­ial pres­sure,” said Ceze. “As the cost of DNA se­quenc­ing has plum­meted, open-source pro­grams have been adopted more widely in med­i­cal and con­sumer­fo­cused ap­pli­ca­tions.” De­spite the “sci­ence fic­tion” head­lines, an­a­lysts say the DNA merely rep­re­sented a new de­liv­ery method for an old-school at­tack. “What they were re­ally show­ing was an old vul­ner­a­bil­ity – it’s a buf­fer overflow,” said Corey Nachreiner, CTO for se­cu­rity com­pany Watch-Guard. “Any time a pro­gram takes in data, it has to store it in a buf­fer, and if it doesn’t do a good job of sani­tis­ing and val­i­dat­ing the data as it’s tak­ing in, then hack­ers can ac­cess mem­ory to ex­e­cute code.”

ABOVE Tech com­pa­nies are study­ing DNA’s po­ten­tial use for data stor­age

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.