Researchers breach security using DNA

Malware was installed onto DNA as genetic letters and then translated into code using a DNA sequencer

The next step in cyber warfare downplays the ‘cyber' part - in favour of genetics.

Researchers at the University of Washington in Seattle have ‘installed' malware into DNA that they purchased online, then hacked the computer that was used to analyse it.

The proof-of-concept was called the first ‘DNA-based exploit of a computer system.'

The team, led by Tadayoshi Kohno and Luis Ceze, encoded the malware into the short stretch of DNA, and then used this to gain ‘full control' over a computer that tried to process the genetic data, after it was read by a DNA sequencing machine.

There is no immediate cause for concern, the researchers said; their trial was carried out in much less secure conditions than would normally be found: Yaniv Erlich, a geneticist and programmer, called the exploit "basically unrealistic." However, it does prove the possibility of hackers one day using fake blood or spit to gain access to certain computer systems, like forensic databases.

The malware that the team used was formed by translating a computer command into a stretch of 176 DNA letters. Once they had the DNA, they fed the strands into a sequencing machine, which read off the letters and stored the information as binary code.

Erlich told the MIT Technology Review that the attack took advantage of a spill-over effect, when data exceeding a certain threshold can be interpreted as a command. In this case, that command forced the computer to contact a server controlled by the research team, which they used to take control of the system.

James Bonfield, of the UK's Sanger Institute, wrote the programme that the researchers targeted in their attack. He said that scientific programmes like this one, used to organise and interpret DNA data, are rarely actively maintained and that could create risks. His own programme, known as ‘fqzcomp', was written as an experiment and "probably" never employed.

The researchers will present their findings in a paper at the Usenix Security Symposium in Vancouver this month.