Cybersecurity Researchers Implant Malware Into DNA Strand

Cybersecurity researchers at the University of Washington have been able to infect a computer with malware coded into a strand of DNA.

While the experts believe bio-malware is not a likely threat vector at the moment, it could be in the years ahead.

This is because security protocols surrounding DNA transcription and analysis “can be inadequate, and vulnerabilities have been discovered in the open-source software used in labs around the world.”

The researchers point out that there has been rapid improvement in the cost and time necessary to sequence and analyse DNA.

For example, in the past ten years the cost to sequence a human genome has decreased 100,000 fold or more, the researchers said.

This performance increase has been achieved thanks to parallel processing, and has resulted in a raft of new DNA services being offered to the general public, such as personalised medicine, ancestry research, and even the study of the microorganisms that live in a person’s gut.

Of course, computers are needed to process, analyse, and store the billions of DNA bases that can be sequenced from a single DNA sample.

And where there is a computer, there is a security risk.

The researchers in their study found that DNA sequencers (scientific instrument used to automate the DNA sequencing process) often fail to follow best practices in computer security, and the researchers were therefore able to encode malware in DNA sequences.

“After DNA is sequenced, it is usually processed and analysed by a number of computer programs through what is called the DNA data processing pipeline,” wrote the researchers.

“We analysed the computer security practices of commonly used, open-source programs in this pipeline and found that they did not follow computer security best practices. Many were written in programming languages known to routinely contain security problems, and we found early indicators of security problems and vulnerable code.”

What is your biggest cybersecurity concern?

  • Ransomware (28%)
  • Humans / Social Engineering (27%)
  • State sponsored hackers (14%)
  • Malware (14%)
  • Other (7%)
  • Out of date tools (6%)
  • DDoS (4%)

Loading ...

The researchers were then able to produce DNA strands containing malicious computer code that, if sequenced and analysed, could compromise a computer.

“To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program that is similar to what we found in our earlier security analysis,” they continued.

“We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand,” they wrote. “When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.”

No Panic – For Now

But the researchers also sought to reassure the general public, saying that at present there is no cause for alarm about present-day threats.

“We have no evidence to believe that the security of DNA sequencing or DNA data in general is currently under attack,” they said. “Instead, we view these results as a first step toward thinking about computer security in the DNA sequencing ecosystem.”

However, they did urge the DNA sequencing community to proactively address computer security risks before any adversaries manifest.

In 2015 a study by Australian telecommunications company Telstra found that most younger UK consumers would consider providing a DNA sample when choosing a bank, in order to improve the security of remote banking access.

Quiz: Do you know all about security?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago