World's first hack using DNA? Malware in genetic code could wreck police CSI work

Scientists say they've encoded DNA to hack a computer for the first time.
Written by Liam Tung, Contributing Writer

The research shows how attackers could disrupt a police investigation by injecting malicious DNA into samples they know will be sequenced on a computer.


Scientists have successfully encoded a software exploit in a gene to remotely hack a computer.

But why would anyone want to hack a computer with a malicious DNA strand? The researchers who developed it argue an attacker could use it to hack any computer in the DNA sequencing pipeline.

This pipeline includes any facility that accepts DNA samples for computer-based gene sequencing and processing. An attacker could mess with a police investigation by tainting blood, hair, and saliva samples with injected malicious DNA they know will be sequenced on a computer.

"Since DNA sequencing is rapidly progressing into new domains, such as forensics and DNA data storage, we believe it is prudent to understand current security challenges in the DNA sequencing pipeline before mass adoption," write the researchers from the University of Washington's Paul Allen School of Computer Science & Engineering.

Though the prospect of defending against DNA malware is interesting, the researchers rigged the attack in their favor, making it unrealistic.

The scientists designed a synthetic DNA strand to target a buffer overflow vulnerability they inserted into FASTQ, an open-source program used to compress DNA sequences. They also ran the modified program on a machine with the exploit mitigation feature, Address Space Layout Randomization, disabled.

Having set the right conditions, they were able to "remotely exploit and gain full control over a computer using adversarial synthetic DNA," they note.
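The sketch below is an added illustration, not code from the article or from the researchers' modified program. It shows the length check whose absence turns a fixed-size read buffer in a DNA compression tool into a buffer overflow. The 2-bit base encoding, the 64-base limit and all names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_READ_BASES 64                    /* assumed per-read limit */
#define PACKED_BYTES   (MAX_READ_BASES / 4)  /* 2 bits per base */

enum pack_status { PACK_OK = 0, PACK_TOO_LONG = -1, PACK_BAD_BASE = -2, PACK_BAD_ARG = -3 };

/* Map one nucleotide letter to its 2-bit code, or -1 if it is not A/C/G/T. */
static int base_code(char b)
{
    switch (b) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/* Pack `len` bases into `out`. The length is checked against the buffer
 * capacity before any write, and the result is staged in `tmp` so `out`
 * is left untouched when the read is rejected. */
int pack_read(const char *read, size_t len, uint8_t out[PACKED_BYTES], size_t *out_bases)
{
    if (read == NULL || out == NULL || out_bases == NULL)
        return PACK_BAD_ARG;
    if (len > MAX_READ_BASES)
        return PACK_TOO_LONG;            /* never trust the input's own length */
    uint8_t tmp[PACKED_BYTES] = {0};
    for (size_t i = 0; i < len; i++) {
        int code = base_code(read[i]);
        if (code < 0)
            return PACK_BAD_BASE;        /* reject anything outside A/C/G/T */
        tmp[i / 4] |= (uint8_t)(code << (2 * (3 - i % 4)));
    }
    memcpy(out, tmp, PACKED_BYTES);
    *out_bases = len;
    return PACK_OK;
}

int main(void)
{
    uint8_t out[PACKED_BYTES] = {0};
    size_t n = 0;
    int rc = pack_read("ACGT", 4, out, &n);  /* constructed sample read */
    printf("rc=%d bases=%zu first=0x%02X\n", rc, n, out[0]);
    return 0;
}
```

Exploit mitigations such as Address Space Layout Randomization, which the researchers disabled, are a second layer; the bounds check is what removes the overflow itself.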

The researchers admit that the threat of a DNA attack on computers remains theoretical today and consequently see no need for immediate concern.

However, they also argue there are plenty of "easy" attack vectors if an attacker wanted to target DNA processing machines. While there are regulations to prevent synthesizing biological viruses such as chicken pox, the researchers warn it may be more difficult to detect executable code in DNA.

Anyone who creates an account at DNA research institutes could also submit sequencing files that could be malicious.

Additionally, since bioinformatics software isn't commonly targeted by hackers, the software isn't generally hardened against attacks. They also note patching difficulties, since DNA analysis software packages often aren't managed in a central code repository.
