Every Bit of Information
In a feat that seems straight out of science fiction, a team of “biohackers” managed to successfully infect a computer with a malware that was coded into a strand of DNA. Worry not, however, as this isn’t the latest hacking news. It’s all part of a study done by a multidisciplinary team of researchers from the University of Washington, which was presented at the USENIX Security Symposium this week.
DNA is known to store information using nucleotides, its base structural units. Individually these unites are denoted by the letters A, C, G, and T. In the study, researchers hoped to find out if it would be possible store malicious computer code into DNA strands that could compromise a computer when it’s sequenced and analyzed. The hack, then, took advantage of DNA sequencing technologies, which have become increasingly common over the last decade.
“We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand,” the team said in a press release. Designing the malware into DNA wasn’t easy, as the team had several challenges to overcome: first, the malware needed to fit into just a few hundred base pairs, so as not to compromise data integrity. Second, to keep the DNA stable, it had to meet a certain ratio of A-T and G-C pairs. As such, it took several attempts for the team to come up with a synthetic DNA that could carry the malware.
The hack first exploited the DNA sequencing software, then spread into the computer itself. “That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA,” the team wrote. However, full translation of the attack was just at 37 percent, because the sequencers would sometimes decode the DNA backwards. DNA strands can be sequenced in either direction, whereas a computer code only works in one. That being said, researchers are considering crafting future versions of the hack as a palindrome.
The results of this experiment don’t mean DNA sequencing and DNA data are compromised, as it’s not exactly a viable hack. Lead researcher Tadayoshi Kohno told WIRED that their research does, however, open up a new perspective in cybersecurity:
“[W]hen you’re looking at the security of computational biology systems, you’re not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they’re sequencing.”
With DNA computing and DNA data storage now possible, one can’t help but wonder just how long it would take before someone actually does successfully execute such a hack. Especially as gene editing becomes more refined. CRISPR, for example, was recently used to store a GIF inside bacterial DNA. “As these molecular and electronic worlds get closer together, there are potential interactions that we haven’t really had to contemplate before,” researcher Luis Ceze told TechCrunch.
“There are a lot of interesting—or threatening may be a better word—applications of this coming in the future,” researcher Peter Ney said, also speaking to WIRED. The researchers suggested that DNA in genetically modified products could be used to store trade secrets, for example. While there’s no cause for alarm, the researchers are still urging caution: “[I]t is important to consider threats from all sources, including the DNA strands being sequenced, as a vector for computer attacks.”