Scientists "hack" a computer using malware encoded in DNA

UW researchers with DNA data experiment

The University of Washington’s Lee Organick Karl Koscher and Peter Ney prepare the DNA exploit for sequencing

To create the malware, the researchers translated a computer command into a stretch of 176 DNA letters. In the paper, the team goes so far as to say: "We have no reason to believe that there have been any attacks against DNA sequencing or analysis programs".

Having set the right conditions, they were able to "remotely exploit and gain full control over a computer using adversarial synthetic DNA", they note.

The synthetic strands were passed through a sequencing machine, which converted the gene letters into digits - 0s and 1s.

Researchers are calling this the first "DNA-based exploit of a computer system".

To prove their point, the researchers turned a snippet of malicious computer code into a string of synthetic DNA, and then used it to take control of a computer that was programmed to search for patterns in the raw files that emerge from DNA sequencing.

'We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven't really had to contemplate before'.

Scientists Tadayoshi Kohno and Luiz Ceze purchased a DNA sample online and encoded their malicious software into it.

'It remains to be seen how useful this would be, but we wondered whether under semi-realistic circumstances it would be possible to use biological molecules to infect a computer through normal DNA processing, ' said co-author Peter Ney.

By encoding malware into strands of the human DNA, the researchers were able to infect a gene-sequencing machine by corrupting the software it runs on.

This data file tells researchers what sequence their DNA had as well as the quality of the read.

Co-author Dr Lee Organick added: 'To be clear, there are lots of challenges involved.

"We look at emerging technologies and ask if there are upcoming security threats that might manifest, so the idea is to get ahead", says Peter Ney, a graduate student in Kohno's Security and Privacy Research Lab.

Companies that manufacture synthetic DNA strands and mail them to scientists are already on the alert for bioterrorists.

Output from a sequencing machine that includes the team's exploit, which is being sequenced with unrelated strands.

The research was carried out at the University of Washington.

They said closing the security gaps in the software that's used for analyzing DNA is mostly a matter of following best practices in the computer industry.

The tiny movie, consisting of just five frames, shows a thoroughbred mare named Annie G galloping in 1887. While there are regulations to prevent synthesizing biological viruses such as chicken pox, the researchers warn it may be more hard to detect executable code in DNA.

DNA is built up of foundational units called nucleotides.

Once inserted into the genome of e.coli, the data can then be retrieved by sequencing the DNA and the images are reconstructed by reading the pixel nucleotide code, which was achieved with around 90 per cent accuracy.

Latest News