Scientists Are Hacking Computers By Converting Malware Into Strands Of DNA
Hacking has become a commonplace characteristic of modern life. The act of using a computer to gain unauthorized access to data has been used over the years for both bad and good, by governments and citizens, with great media attention and completely under the radar. Phishing scams, Anonymous, and Russian election meddling all coexist under the umbrella of hacking, and as technology advances the implications of and access to rogue hackers and hacking technology will only become more ubiquitous. Primarily, though, we think of hacking as a means of getting to something stored in a computer system, but some emergent studies in the technology are instead focusing on controlling the computer itself, rather than simply “breaking in” to what it contains. And scientists are doing this by encoding malware DNA into computers.
As reported by the Atlantic, University of Washington researchers have taken over a computer’s operational controls by encoding malicious software in DNA. “Strands of DNA are made from four building blocks, represented by the letters A, C, G, and T. These letters can be used to represent the 1s and 0s of computer programs,” explains the report. “That’s what the Washington team did—they converted a piece of malware into physical DNA strands. When those strands were sequenced, the malware launched and compromised the computer that was analyzing the sequences, allowing the team to take control of it.” Using the same concept behind sequencing the human DNA genome, these scientists are on the forefront of a provocative niche in the technology world, where humans and computers begin to share more and more commonalities.
A report form Wired described the experiment in similar terms: “A group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer. While that attack is far from practical for any real spy or criminal, it’s one the researchers argue could become more likely over time, as DNA sequencing becomes more commonplace, powerful, and performed by third-party services on sensitive computer systems. And, perhaps more to the point for the cybersecurity community, it also represents an impressive, sci-fi feat of sheer hacker ingenuity.”
Already, researchers have been able to wirelessly hack into a heart transplant and “reprogram it to either shut down or deliver debilitating jolts.” Cars have been hacked into as well, opening up the possibility of cars being driven off the road and other dangerous, potentially fatal maneuvers. Developments such as these have led scientists to begin asking the question “Could we compromise a computer system with DNA biomolecules?”
In the University of Washington study, “the team introduced a vulnerability into a program that’s commonly used to analyze DNA data files” in order to make their malware work. “They then exploited that weakness. That’s a bit of a cheat, but the team also showed that such vulnerabilities are common in software for analyzing DNA. The people who created these programs didn’t really have hacking in mind, and so their products tend to be insecure, and rarely follow best practices for digital security. With the right molecular malware, it could be possible for adversaries to compromise these programs and the computers that run them,” the report explains.
Naturally, the implications range from thought provoking to terrifying. “DNA is commonly used in forensics, so if troublemakers could hack sequencing machines or software, they could change the course of an investigation by altering genetic data,” the report offers as an example of the less extreme side of the spectrum. Similarly, ” if machines are processing confidential data about genetically modified organisms, hackers could steal intellectual property.” More troubling is the fact that “The United States is currently trying to sequence the DNA of at least 1 million Americans to pave the way for precision medicine, where treatments are tailored to an individual’s genes.” As computer security researcher Peter Ney puts it, “If you can compromise [the sequencing pipeline], you could steal that data, or manipulate it to make it seem like people have genetic diseases they don’t have.”
For now, though, it seems the threat of full blown DNA system hacking is still very much on the horizon. As the research team leader, Tadayoshi Kohno, puts it: “We don’t know of such threats arising yet and we hope that they’ll never manifest.”