Cybersecurity Researchers Implant Malware Into DNA Strand

Cybersecurity researchers at the University of Washington have been able to infect a computer with malware coded into a strand of DNA.

While the experts believe bio-malware is not a likely threat vector at the moment, it could be in the years ahead.

This is because security protocols surrounding DNA transcription and analysis “can be inadequate, and vulnerabilities have been discovered in the open-source software used in labs around the world.”

The researchers point out that there has been rapid improvement in the cost and time necessary to sequence and analyse DNA.

For example, in the past ten years the cost to sequence a human genome has decreased 100,000-fold or more, the researchers said.

This performance increase has been achieved thanks to parallel processing, and has resulted in a raft of new DNA services being offered to the general public, such as personalised medicine, ancestry research, and even the study of the microorganisms that live in a person’s gut.

Of course, computers are needed to process, analyse, and store the billions of DNA bases that can be sequenced from a single DNA sample.

And where there is a computer, there is a security risk.

In their study, the researchers found that DNA sequencers (scientific instruments used to automate the DNA sequencing process) often fail to follow best practices in computer security, and the researchers were therefore able to encode malware in DNA sequences.

“After DNA is sequenced, it is usually processed and analysed by a number of computer programs through what is called the DNA data processing pipeline,” wrote the researchers.

“We analysed the computer security practices of commonly used, open-source programs in this pipeline and found that they did not follow computer security best practices. Many were written in programming languages known to routinely contain security problems, and we found early indicators of security problems and vulnerable code.”

The researchers were then able to produce DNA strands containing malicious computer code that, if sequenced and analysed, could compromise a computer.

“To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program that is similar to what we found in our earlier security analysis,” they continued.

“We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand,” they wrote. “When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.”

No Panic – For Now

But the researchers also sought to reassure the general public, saying there is no cause for alarm about present-day threats.

“We have no evidence to believe that the security of DNA sequencing or DNA data in general is currently under attack,” they said. “Instead, we view these results as a first step toward thinking about computer security in the DNA sequencing ecosystem.”

However, they did urge the DNA sequencing community to proactively address computer security risks before any adversaries manifest.

In 2015 a study by Australian telecommunications company Telstra found that most younger UK consumers would consider providing a DNA sample when choosing a bank, in order to improve the security of remote banking access.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
