Hacking a computer using a strand of DNA sounds like something out of a science-fiction movie, but believe it or not, this isn’t taken from the script of the latest Hollywood blockbuster, but instead from the laboratories of the University of Washington.
The boundary between biology and technology
The group, from the Paul G Allen School of Computer Science and Engineering, used strands of DNA to hack into a computer. The team, led by Tadayoshi Kohno and Luis Ceze, then took over control of the computer. As they explained further:
“We designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand. When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.”
There’s no need to be alarmed, though, as the researchers are keen to point out: “There is not present cause for alarm about present-day threats. We have no evidence to believe that the security of DNA sequencing or DNA data in general is currently under attack.”
Instead, the reason the researchers carried out their tests was to demonstrate the need to improve the current security used for DNA sequencing systems in order to keep effectively using it the future. When looking at open-source sequencing software, which is used to process and analyse results from sequencing machines, it was found that there were holes in the cybersecurity as well as security best practices not being adhered to. As a result, the software is vulnerable to attack.
Synthesized DNA exploit (dnasec.cs.washington.edu)
In this case, the attack was manufactured in as much as the vulnerability in the software was deliberately introduced in order to observe how sensitive data could be altered. The work, titled ‘Computer Security, Privacy and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More’ was published at the 2017 USENIX Security Symposium.
The researchers say their work is merely aimed at highlighting the need to future-proof some of the current techniques used: “It is time to improve the state of DNA security,” say the researchers. “We again stress that there is no cause for people to be alarmed today, but we also encourage the DNA sequencing community to proactively address computer security risks before any adversaries manifest.” To this end, the authors of the study have begun to develop a framework of guidelines to be used by this industry in order to improve both the security and privacy of DNA sequencing.