Researchers have successfully proven that viruses can be weaponized to infect computers and take them over. And if that’s not the premise of a dystopian sci-fi novel, I don’t know what is.
The University of Washington recently baked malware into a genetic molecule and then infected a system analyzing it. If it sounds like DNA data storage, you’re right; the premise is a natural expansion.
If you can put good code on DNA, then naturally you can put bad code on it – and any system that reads it is going to be at risk of infection. Which begs the question – since scientists have just learned to store data on atoms, will there one day be atomic-level malware?
What It Proved
The DNA malware method used by the researchers doesn’t just prove malware delivery via DNA is possible. It also demonstrates forensic labs, universities and science facilities could be at risk if people started faking blood and saliva samples.
There’s some good news, though – the researchers set the bar fairly low for their test. For the best chance of success, they used a compromised piece of DNA analysis software – specifically, one that already had a known exploit in it. They then baked in malware that specifically targeted this exploit.
“When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing,” the researchers declared in a press release. “That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.”
While the researchers said there was no cause for immediate concern – as this sort of attack is currently not being used – they said now was the right time to begin hardening these sorts of systems to cyber-attacks.
“Since DNA sequencing technologies are maturing and becoming more ubiquitous, we do believe that these types of issues could pose a growing problem into the future, if unaddressed.”
Is Proving It Can Be Done A Bad Thing?
If you’ve asked “Hey, isn’t black hats that they can compromise software with DNA a bad thing?”, you wouldn’t be alone. The researchers said that by highlighting these issues, it helps to shore them up before they become a bigger problem.
“The security research community has found that evaluating the security risks of a new technology while it is being developed makes it much easier to confront and address security problems before adversarial pressure manifests,” they said. “One example has been the modern automobile and another the modern wireless implantable medical device.”
“In both cases, the government and industry responded to security research uncovering potential risks, and as a result both the modern automotive industry and the medical device industry have significantly increased their computer security protections. We encourage the computational biology community to do the same.”