Could DNA catch a virus?
Scientists successfully transfer malware via a DNA sample, but don’t panic just yet.
Researchers have discovered it’s possible to bury malware in one of the most unlikely places possible – inside human DNA samples.
DNA is being studied by technicians at Microsoft and other tech companies as a means of storing data in less space than we do today. It offers huge potential, but researchers at the University of Washington have warned that developers must consider the security of software tools working with DNA, as they could provide a rich environment for malware to thrive.
“We don’t want to alarm people or make patients worry about genetic testing,” said associate professor Luis Ceze. “But as these molecular and electronic worlds get closer together, there are potential interactions that we haven’t really had to contemplate before.”
DNA sequences are typically stored as an ASCII string of letters – A, T, C and G – and the researchers created a similarly coded exploit that could be translated into nucleic acids to create a DNA strand that could be synthesised.
Once sent to a computer running DNA-sequencing software, the embedded code made the machine connect to the researchers’ remote server, giving them control over the computer and access to its data.
Although the test took place in a reduced security environment, the researchers said the DNA programs used in many operations were open source and lacked security features.
“Some were written in unsafe languages known to be vulnerable to attacks, in part because they were first crafted by small research groups who weren’t expecting much, if any, adversarial pressure,” said Ceze. “As the cost of DNA sequencing has plummeted, open-source programs have been adopted more widely in medical and consumer-focused applications.”
Despite the “science fiction” headlines, analysts say the DNA merely represented a new delivery method for an old-school attack. “What they were really showing was an old vulnerability – it’s a buffer overflow,” said Corey Nachreiner, CTO for security company WatchGuard. “Any time a program takes in data, it has to store it in a buffer, and if it doesn’t do a good job of sanitising and validating the data as it’s taking in, then hackers can access memory to execute code.”
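The sanitising and validating step Nachreiner describes, as an added example (not code from the researchers or from any sequencing tool): a C routine that loads an untrusted read of ASCII bases into a fixed-size buffer, checking length and alphabet before anything is written. The names `load_read` and `packed_read` and the 64-base capacity are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_BASES 64                 /* assumed fixed capacity of one read */

enum read_status { READ_OK = 0, READ_TOO_LONG, READ_BAD_BASE, READ_BAD_ARG };

struct packed_read {
    uint8_t bits[MAX_BASES / 4];     /* four 2-bit bases per byte */
    size_t  n_bases;
};

/* Map one ASCII base to its 2-bit code, or -1 if it is not A, C, G or T. */
static int base_code(char c)
{
    switch (c) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/* Pack `len` ASCII bases from untrusted `src` into `out`.
 * The length is checked against the buffer capacity BEFORE any write;
 * omitting that check is what turns a long input into a buffer overflow. */
enum read_status load_read(const char *src, size_t len, struct packed_read *out)
{
    if (src == NULL || out == NULL)
        return READ_BAD_ARG;
    if (len > MAX_BASES)
        return READ_TOO_LONG;        /* reject, never truncate silently */

    /* Validate the whole input first so a rejected read leaves `out` untouched. */
    for (size_t i = 0; i < len; i++)
        if (base_code(src[i]) < 0)
            return READ_BAD_BASE;

    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < len; i++)
        out->bits[i / 4] |= (uint8_t)(base_code(src[i]) << (2 * (i % 4)));
    out->n_bases = len;
    return READ_OK;
}
```

The caller passes the length it actually received from the file or instrument, not a length field taken from the input itself.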