In what looks like a scene from a science fiction film, a team of researchers from the University of Washington have successfully encoded physical DNA strands with malicious software.
For decades, scientists have studied human DNA to find a cure for genetically inherited diseases and to extend the human lifespan. However, as we enter a new generation of advanced computing, researchers are now looking for ways to load human DNA with additional information – including computer malware.
Human DNA comes with a lot of information. Some of that information is already known, but much of it still lies undiscovered. Now, scientists are keen to explore the possibility of using DNA to carry extra data.
Years ago, this idea would sound insane. Luckily for us, we’re knee deep in the scientific and technological boom that is Industry 4.0.
In the modern day, we have proven that you can implant foreign data into DNA. Unsurprisingly, this discovery comes to us courtesy of a group of biohackers.Biohackers finally found a way to inject #DNA strands with computer malware!Click To Tweet
Malware-Carrying DNA Strands
On Thursday, a team of researchers from the Paul G. Allen School of Computer Science & Engineering at the University of Washington presented at the 2017 USENIX Security Symposium how they were able to inject DNA strands with malware and use it to take over a computer.
In a paper they recently published, the scientists explained:
“The FASTQ compression utility, fqzcomp, is designed to compress DNA sequences. For experimental purposes, we inserted a vulnerability into this utility. To do so, we first copied fqzcomp from https://sourceforge.net/projects/fqzcomp/ and inserted a vulnerability into version 4.6 of its source code; a function that processes and compresses DNA reads individually, using a fixed-size buffer to store the compressed data.”
The researchers then added 54 lines of C++ code and deleted 127 lines from fqzcomp.
“Our modified fqzcomp version used a simple 2-bit DNA encoding scheme. The four nucleotides were encoded as two bits— A as 00, C as 01, G as 10, and T as 11 — packing bits into bytes starting with the most significant bits,” they further added.
After modifying the fqzcomp, they ran it in a simplified computer environment and disabled all standard security features. Then, they encoded the vulnerability to the DNA strand.
According to the researchers, the synthesis of the DNA strand came with several challenges.
For example, limiting the exploit’s size and type could constrain the amount of sequences that the DNA synthesis could generate.
No Need for Concern
Apparently, they were able to overcome the challenges they encountered. Further research showed that it was possible to create a DNA sequence that could compromise a computer program.
While the discovery is considered a breakthrough, many were alarmed by the possibility of humans that could act as carriers of computer viruses.
Addressing this concern, Tadayoshi Kohno, the lead scientist of the project said:
“We know that if an adversary has control over the data a computer is processing, it can potentially take over that computer.
That means when you’re looking at the security of computational biology systems, you’re not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they’re sequencing. It’s about considering a different class of threat.”
The researchers emphasized that their experiment was conducted using unsecured conditions. So, it only proved that DNA could be used to carry malicious software.
Consequently, this indicates that the research would likely have produced a different result under different cyber-security measures.