University of Washington researchers analyzed the open-source DNA processing program to find the evidence of poor computer security practices.
In the study, the researchers used a malicious computer code into a string of synthetic DNA, used to take control of a computer that was programmed to search for patterns in the raw files that emerge from DNA sequencing.
Researchers said, there’s no evidence of malicious attacks on DNA synthesizing. But, the analysis of software found security gaps in many of the open-source software programs used to analyze DNA sequencing data. But, they said the cyber-security angle shouldn’t be ignored as DNA-based computing progresses.
According to the study, researchers offer recommendations to strengthen computer security and privacy protections in DNA synthesis, sequencing and processing.
The researchers identified several different ways that a hacker could compromise a DNA sequencing and processing stream. To start, researchers demonstrated a technique that is scientifically interesting though arguably not the first thing an adversary might attempt.
DNA is a system that encodes information in sequences of nucleotides. The process of experimenting the team found a way to include executable code similar to computer worms that occasionally wreak havoc on the internet in synthetic DNA strands.
To construct the malware, the team translated a computer command into a short stretch of 176 DNA letters. The command designed to target a particular flaw. The synthetic strands passed through a sequencing machine, which converted the gene letters into binary digits, 0s and 1s.
When this strand was sequenced and processed by the vulnerable program, the code infected the software and took under the control of the computer doing the processing. The researchers then able to remotely exploit this machine using adversarial synthetic DNA.
The study results theoretically possible to produce synthetic DNA that can compromise a computer system. These attacks difficult in practice because it is challenging to synthesize malicious DNA strands and to find relevant vulnerabilities in DNA processing programs.
More information: [DNA]