Biologists pay scrupulous attention to DNA synthesis, not just out of a need for precision, but also as a precaution. Scientists don’t want to create or spread a dangerous stretch of genetic code that, with a little bit of criminal ingenuity, could be used to make a toxin or an infectious disease. But recently, a group of biohackers has found a way to cross biology with the digital by resequencing DNA, not to infect humans or animals, but computers.
A group of researchers from the University of Washington has shown that, for the first time, it’s possible to encode malicious software into physical strands of DNA. And so, when a gene sequencer performs an analysis, the output transforms into a program which corrupts gene-sequencing software to gain control of an entire computer.
This is a far cry from a criminal implementation. Researchers agree that this new method could be integrated into real-world applications once DNA sequencing grows more powerful and ubiquitous.
“We know that if an adversary has control over the data a computer is processing, it can potentially take over that computer,” said Tadayoshi Kohno, Computer Science Professor at the University of Washington in an interview with WIRED, noting the similarity to traditional hacker attacks. “That means when you’re looking at the security of computational biology systems, you’re not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they’re sequencing. It’s about considering a different class of threat,” he added.
While, currently, this feels more like an alternate take on Neal Stephenson’s Snow Crash than an imminent cyber threat, the means for disseminating this bio-delivered code are already coming into being. University labs, for one, are employing increasingly centralized services for students and professors working with college-owned (and expensive) gene sequencing equipment. And as other, non-academic environs like corporations, medical facilities, and government-run facilities follow suit, this DNA-malware delivery trick will become feasible. Additionally, the DNA-malware delivery will come from outside sources, which could provide the perfect window for malware insertion.
Called an “exploit” by hackers, this specific kind of computer attack is known as a “buffer overflow” which fills the space in a computer’s memory allocated for the gene sequence and then spills out into other parts of the computer’s memory until it can plant its own commands.
So far, challenges to the process — like squeezing the code into a few hundred DNA bases and the tendency of redundant base patterns to cause DNA to fold into itself — have limited the digital translation to a mere 37% success rate. Clearly, DNA-hacking is still only a reality for readers of biopunk sci-fi, but we’d be naive to dismiss it as the next generation’s problem (or boon). After all, Seth Shipman of a Harvard team recently encoded a video in a DNA sample. Once perfected, DNA storage could replace magnetic encoding in flash memory because DNA maintains its structure for much longer.
DNA coding and bio-exploitation might sound like fiction today, but, like the cell phone’s origins in Star Trek canon, it’s only a matter of doing.