
Scientists Hack a Computer Using DNA

Malware can be encoded into a gene and used to take over a computer program.

  • by Antonio Regalado
  • August 10, 2017
  • A researcher holds up a vial containing a malicious computer program stored as DNA.

In what appears to be the first successful hack of a software program using DNA, researchers say malware they incorporated into a genetic molecule allowed them to take control of a computer used to analyze it.  

The biological malware was created by scientists at the University of Washington in Seattle, who call it the first “DNA-based exploit of a computer system.”  

To carry out the hack, researchers led by Tadayoshi Kohno (see “Innovators Under 35, 2007”) and Luis Ceze encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain “full control” over a computer that tried to process the genetic data after it was read by a DNA sequencing machine.  

The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists.  

For now, DNA malware doesn’t pose much of a security risk. The researchers admit that to pull off their intrusion, they created the “best possible” chances of success by disabling security features and even adding a vulnerability to a little-used bioinformatics program. Their paper appears here.

“Their exploit is basically unrealistic,” says Yaniv Erlich, a geneticist and programmer who is chief scientific officer of MyHeritage.com, a genealogy website.  


Previously, Kohno was among the first to show how to hack into an automobile through its diagnostic port, later also gaining access remotely by attacking cars through Bluetooth connections.  

The new DNA malware will be presented next week at the Usenix Security Symposium in Vancouver. “We look at emerging technologies and ask if there are upcoming security threats that might manifest, so the idea is to get ahead,” says Peter Ney, a graduate student in Kohno’s Security and Privacy Research Lab.  

To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s.  

Erlich says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno’s team, from which they took control of a computer in their lab they were using to analyze the DNA file.  
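As an added illustration (not code from the researchers' paper or from fqzcomp), here is how a program that stores sequenced letters as binary digits can refuse a read that is longer than the buffer set aside for it, which is the check whose absence produces the spill-over described above. The two-bits-per-letter mapping and the function names `packed_size` and `pack_read` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed mapping for this example: 2 bits per DNA letter. */
static int base_to_bits(char b) {
    switch (b) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1; /* 'N', lowercase, control bytes: not accepted */
    }
}

/* Bytes needed for n_bases letters at 2 bits each (rounded up, no wraparound). */
size_t packed_size(size_t n_bases) {
    return n_bases / 4 + (n_bases % 4 != 0);
}

/* Pack a read into out[0..out_cap). Returns bytes written,
 * -1 for a non-ACGT letter, -2 if the read does not fit.
 * The size check happens before any write, so an over-long read is
 * rejected instead of spilling past the end of the buffer. */
long pack_read(const char *read, size_t n_bases, uint8_t *out, size_t out_cap) {
    size_t need = packed_size(n_bases);
    if (need > out_cap)
        return -2;
    memset(out, 0, need);
    for (size_t i = 0; i < n_bases; i++) {
        int v = base_to_bits(read[i]);
        if (v < 0)
            return -1;
        out[i / 4] |= (uint8_t)(v << (6 - 2 * (i % 4)));
    }
    return (long)need;
}

int main(void) {
    char read[177];               /* constructed sample input, all 'A' */
    uint8_t buf[44];              /* sized for a 176-letter read */
    memset(read, 'A', sizeof read);
    printf("176 letters -> %ld\n", pack_read(read, 176, buf, sizeof buf));
    printf("177 letters -> %ld\n", pack_read(read, 177, buf, sizeof buf));
    return 0;
}
```

Under this assumed mapping, a 176-letter strand occupies 44 bytes, and a read one letter longer is turned away with an error rather than written past the buffer.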

Companies that manufacture synthetic DNA strands and mail them to scientists are already on the alert for bioterrorists. In the future, the researchers suggest, they might also have to start checking DNA sequences for computer threats.  

The University of Washington team also cautions that hackers could use more conventional means to target people’s genetic data, precisely because it is increasingly appearing online (see “10 Breakthrough Technologies 2015: Internet of DNA”) and even being accessed through app stores (see “10 Breakthrough Technologies 2016: DNA App Store”).

In some cases, scientific programs used to organize and interpret DNA data aren’t actively maintained, and that could create risks, says James Bonfield, a bioinformatics expert at the Sanger Institute, in the United Kingdom. Bonfield says he authored the program that the University of Washington researchers targeted in their attack. He says the short program, “fqzcomp,” was written as an experiment for a file compression competition and probably wasn’t ever employed.
