Malware stored in synthetic DNA can take over PC

Pablo Tucker
August 11, 2017

The research was carried out at the University of Washington.

"One of the big things we try to do in the computer security community is to avoid a situation where we say, 'Oh shoot, adversaries are here and knocking on our door and we're not prepared, '" study co-author Tadayoshi Kohno, a professor at the UW's Paul G. Allen School of Computer Science and Engineering, said in a news release. And when that FASTQ file is compressed with a common compression program known as fqzcomp-FASTQ files are often compressed because they can stretch to gigabytes of text-it hacks that compression software with its buffer overflow exploit, breaking out of the program and into the memory of the computer running the software to run its own arbitrary commands.

Copies of the DNA were ordered online. The researchers started by writing a well-known exploit called a "buffer overflow", created to fill the space in a computer's memory meant for a certain piece of data and then spill out into another part of the memory to plant its own malicious commands. Modern sequencing techniques can go through hundreds of millions of DNA strands at the same time, and the sequencing machines themselves need to hookup to computers.

When this strand was sequenced and processed by the programme, the code infected the software and took control of the computer.

A human embryo is shown in a three-dimensional film on human reproduction at the Corpus museum in Oegstgeest 35 kilometers southeast of Amsterdam Netherlands in this
Fred Ernst File Genetically Modified Embryos Represent'Good Step to Improve Human Life

In the study, which will be presented August 17 in Vancouver, B.C., at the 26th USENIX Security Symposium, the team also demonstrated for the first time that it is possible - though still challenging - to compromise a computer system with a malicious computer code stored in synthetic DNA.

"As these molecular and electronic worlds get closer together, there are potential interactions that we haven't really had to contemplate before", said Luis Ceze, a co-author of the study.

The researchers claim they were able to "remotely exploit and gain full control over a computer using adversarial synthetic DNA".

"We have no evidence to believe that the security of DNA sequencing or DNA data in general is now under attack", the research team said in a statement.

"We have no evidence to believe that the security of DNA sequencing or DNA data in general is now under attack", researchers wrote. "Many were written in programming languages known to routinely contain security problems, and we found early indicators of security problems and vulnerable code".

The researchers will present their findings at the USENIX Security conference in Vancouver, Canada next Thursday.

'We look at emerging technologies and ask if there are upcoming security threats that might manifest, so the idea is to get ahead, ' said Peter Ney, one of the scientists involved in the project.

In its most basic form, the DNA is a way of storing information, and its strands are made from four building blocks - A, C, G, and T. They then fed this sample into a computer through a DNA sequencing machine that began decoding the sample. The result created a so-called organic GIF, and is the first step in what researchers are referring to as a "molecular recorder", able to exist, observe and capture information within living cells.

The team introduced the DNA into E. coli at a rate of one frame per day for five days.

It is possible. Through trial and error, the researchers managed to include an exploit in synthetic DNA strands that could take control of a computer when it processed the strands.

Because the CRISPR system adds DNA snippets sequentially, the position of each snippet in the array could be used to determine the original frame to which the snippet belonged - allowing the "movie" to be reconstructed.

Other reports by iNewsToday