This pipeline includes any facility that accepts DNA samples for computer-based gene sequencing and processing. An attacker could mess with a police investigation by tainting blood, hair, and saliva samples with injected malicious DNA they know will be sequenced on a computer.
"Since DNA sequencing is rapidly progressing into new domains, such as forensics and DNA data storage, we believe it is prudent to understand current security challenges in the DNA sequencing pipeline before mass adoption," write the researchers from the University of Washington's Paul Allen School of Computer Science & Engineering.
Though the prospect of defending against DNA malware is interesting, the researchers rigged the attack in their favor, making it unrealistic.
The scientists designed a synthetic DNA strand to target a buffer overflow vulnerability they inserted into FASTQ, an open-source program used to compress DNA sequences. They also ran the modified program on a machine with the exploit mitigation feature, Address Space Layout Randomization, disabled.
Having set the right conditions, they were able to "remotely exploit and gain full control over a computer using adversarial synthetic DNA," they note.
The researchers admit that the threat of a DNA attack on computers remains theoretical today and consequently see no need for immediate concern.
However, they also argue there are plenty of "easy" attack vectors if an attacker wanted to target DNA processing machines. While there are regulations to prevent synthesizing biological viruses such as chicken pox, the researchers warn it may be more difficult to detect executable code in DNA.
Anyone who creates an account at DNA research institutes could also submit sequencing files that could be malicious.
Additionally, since bioinformatics software isn't commonly targeted by hackers, it generally isn't hardened against attacks. They also note patching difficulties, since DNA analysis software packages often aren't managed in a central code repository.
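The hardening that the passage above says is usually missing, as an added example that is not code from the article or from the researchers: a C routine that validates one four-line FASTQ-format read record before copying its bases into a fixed-size buffer. The 512-base limit, the ACGTN allow-list and all function and constant names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_READ_LEN 512 /* assumed policy limit, not from the article */

enum fq_status { FQ_OK, FQ_BAD_HEADER, FQ_BAD_LENGTH, FQ_BAD_BASE,
                 FQ_BAD_SEPARATOR, FQ_QUAL_MISMATCH, FQ_BAD_QUAL };

/* Length of a line without its trailing "\n" or "\r\n". */
static size_t line_len(const char *s)
{
    size_t n = strcspn(s, "\n");
    return (n > 0 && s[n - 1] == '\r') ? n - 1 : n;
}

/* Validate one record and copy its bases into out (capacity out_cap,
 * counting the terminating NUL). Nothing is written to out unless
 * every check passes. */
enum fq_status fq_check_record(const char *header, const char *seq,
                               const char *sep, const char *qual,
                               char *out, size_t out_cap)
{
    size_t n = line_len(seq), q = line_len(qual);

    if (header[0] != '@' || line_len(header) < 2) return FQ_BAD_HEADER;
    /* The length test comes before any copy: its absence is what turns
     * an over-long read into a buffer overflow. */
    if (n == 0 || n > MAX_READ_LEN || n >= out_cap) return FQ_BAD_LENGTH;
    /* Allow-list the alphabet (assumed: upper-case ACGT plus N). */
    if (strspn(seq, "ACGTN") != n) return FQ_BAD_BASE;
    if (sep[0] != '+') return FQ_BAD_SEPARATOR;
    if (q != n) return FQ_QUAL_MISMATCH;
    for (size_t i = 0; i < q; i++)
        if (qual[i] < '!' || qual[i] > '~') return FQ_BAD_QUAL;

    memcpy(out, seq, n);
    out[n] = '\0';
    return FQ_OK;
}

int main(void)
{
    /* Constructed sample record, not data from the study. */
    char bases[64];
    enum fq_status s = fq_check_record("@read1\n", "ACGTNACGT\n", "+\n",
                                       "IIIIIIIII\n", bases, sizeof bases);
    printf("status=%d bases=%s\n", s, s == FQ_OK ? bases : "(rejected)");
    return s;
}
```

Rejecting a record outright, rather than truncating it, keeps a malformed submission from reaching later processing stages in a partially parsed state.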