Researchers use DNA to infect a computer with malicious code

Malware-laden DNA strands can be used to exploit open-source software

A team of researchers have successfully infected a computer system using a strand of human DNA encoded with a malicious program.

The remarkable experiment, conducted by a multidisciplinary team of biologists and cyber security researchers at the University of Washington, aimed to address concerns around vulnerabilities in open-source software installed in labs around the world.

While vulnerabilities of this kind are typically targeted by malware and remote hacking, the team investigated the possibility that future attack vectors may emerged from the very materials being handled, in this case DNA being transcribed and digitised for further analysis.

Computers are required to handle the vast amount of processing needed to sift through the billions of DNA bases from a single sample. In order to store the basic units that make up DNA, the data is processed using multiple open-source computer programs.

"We analyzed open-source bioinformatics tools that are commonly used by researchers to analyze DNA data," the team explained in a research blog. "Many of these are written in languages like C and C++ that are known to contain security vulnerabilities unless programs are carefully written."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The team, based at the University of Washington's Paul G. Allen School of Computer Science and Engineering, identified that most of these programs do not follow best security practices, had little to no input sanitisation to check incoming code, and had a number of insecure functions.

Using a synthetic DNA strand with a malicious code embedded into its base, the team was able to demonstrate that standard code could be transferred during the transcription process. When the strand was sequenced, the code was able to exploit these vulnerabilities to take control of a system and in theory grant remote control to a hacker.

Given the unexpected nature of an attack of this kind, relatively basic remote execution malwares could prove to be highly effective. However, while the idea of human DNA being a route for hackers to spread malware is terrifying, the researchers said there is no evidence to suggests that the security around DNA sequencing is under attack, and that the goal of the research was to create awareness.

"We again stress that there is no cause for people to be alarmed today," the team added, "But we also encourage the DNA sequencing community to proactively address computer security risks before any adversaries manifest. That said, it is time to improve the state of DNA security."

However, it does highlight the need for security researchers to be one step ahead of criminals, and keep track of emerging technology before it can be exploited.

Advertisement - Article continues below

The team is due to present its findings at the USENIX Security Symposium in Vancouver next week.

Picture: Bigstock

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020