Home / News & Analysis / Malware Can Be Stored in DNA, Researchers Warn

Malware Can Be Stored in DNA, Researchers Warn

Researchers at the University of Washington say it's possible to hack a computer using malware stored in DNA. In other words, malware is going molecular.

SecurityWatchThere's no evidence anyone is using this for nefarious reasons—at least not yet. But researchers say "security gaps" in common, open-source DNA processing programs could make it possible—though not easy—for individuals to gain control of computer systems, access personal information, and even manipulate DNA results.

In a new paper, the team offer details of this technique and recommendations to strengthen computer security and privacy protections in DNA synthesis, sequencing, and processing.

"One of the big things we try to do in the computer security community is to avoid a situation where we say, 'Oh shoot, adversaries are here and knocking on our door and we're not prepared,'" co-author Tadayoshi Kohno, a professor at UW's Paul G. Allen School of Computer Science and Engineering, said in a statement. "Instead, we'd rather say, 'Hey, if you continue on your current trajectory, adversaries might show up in 10 years. So let's start a conversation now about how to improve your security before it becomes an issue.'"

Researchers hypothesized that it may be possible to produce malware-laden DNA strands that, if sequenced and analyzed, could compromise a computer. Through trial and error, they proved it could be done.

"To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program," they wrote. "We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand. When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA."

Related

You shouldn't worry too much at this point, though, according to author and Allen School Associate Professor Luis Ceze. "We don't want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information," Ceze said. "We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven't really had to contemplate before."

Co-author Lee Organick, a research scientist in the Molecular Information Systems Lab, said someone would have to overcome "lots of challenges" to pull this off. "Even if someone wanted to do this maliciously, it might not work," Organick wrote. "But we found it is possible."

The researchers plan to discuss their findings during a presentation at the USENIX Security Symposium in Vancouver on Aug. 17.

Read more

Check Also

Twitter is holding off on fixing verification policy to focus on election integrity

Twitter is pausing its work on overhauling its verification process, which provides a blue checkmark to public figures, in favor of election integrity, Twitter product lead Kayvon Beykpour tweeted today. That’s because, as we approach another election season, “updating our verification program isn’t a top priority for us right now (election integrity is),” he wrote on Twitter this afternoon. Last November, Twitter paused its account verifications as it tried to figure out a way to address confusion around what it means to be verified. That decision came shortly after people criticized Twitter for having verified the account of Jason Keller, the person who organized the deadly white supremacist rally in Charlottesville, Virginia. Fast forward to today, and Twitter still verifies accounts “ad hoc when we think it serves the public conversation & is in line with our policy,” Beykpour wrote. “But this has led to frustration b/c our process remains opaque & inconsistent with our intented [sic] pause.” While Twitter recognizes its job isn’t done, the company is not prioritizing the work at this time — at least for the next few weeks, he said. In an email addressed to Twitter’s health leadership team last week, Beykpour said his team simply doesn’t have the bandwidth to focus on verification “without coming at the cost of other priorities and distracting the team.” The highest priority, Beykpour said, is election integrity. Specifically, Twitter’s team will be looking at the product “with a specific lens towards the upcoming elections and some of the ‘election integrity’ workstreams we’ve discussed.” Once that’s done “after ~4 weeks,” he said, the product team will be in a better place to address verification. We've heard some questions recently about the status of Verification on Twitter, so wanted to address directly. Updating our verification program isn’t a top priority for us right now (election integrity is). Here’s some history & context, and how we plan to put it on our roadmap — Kayvon Beykpour (@kayvz) July 17, 2018

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.