Security Researchers Inject DNA with Malware — But Don't Panic Yet

Data Center Knowledge

August 11, 2017


Between startups like 23andMe, makers of an at-home saliva-based DNA kit that promises to help users learn more about their health and family history, and Embark Veterinary, which helps pet owners and breeders learn about ancestry and disease risk of dogs through saliva swabs, DNA testing is having a bit of a moment.

But beyond the consumer craze for DNA testing, there is now an interesting example of how DNA is being used in security research. This week, security researchers detailed how they were able to hack software using DNA that had been injected with malware.

Researchers at the University of Washington in Seattle call the hack the first DNA-based exploit of a computer system.

In their paper, which will be presented at the USENIX Security Symposium in Vancouver next week, the researchers explained how they were able to encode malware in a DNA sequence through a DNA processing program.

“We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand. When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA,” the researchers said.

While this kind of malware could be a potential security risk in the future, the researchers said that there is no reason for any concern yet. They hope that their research will encourage the DNA sequencing community to be more proactive in addressing computer security risks and follow secure software best practices when coding bioinformatics software.

“The DNA sequencing community, and especially the programmers of bioinformatics tools, should consider computer security when developing software. In particular, we encourage the wide adoption of security best practices like the use of memory safe languages or bounds checking at buffers, input sanitization, and regular security audits,” the researchers said in a FAQ.

“Another issue to consider is how to best maintain and patch bioinformatics software. Much of it is written and maintained by many entities, which makes it difficult to patch and has led to a high prevalence of out-of-date software.”
