Researchers at the University of Washington revealed some information about malware-laden DNA that can compromise a computer. It also can be said that malware is going molecular.
There is no evidence yet that criminals are using it for their own benefit. However, researchers indicate that security gaps in common, open-source DNA operating programs could enable consumers to take control of device systems, get access to personal data and sensitive information, and even change DNA results.
The recent study revealed some details of the mentioned technique and provided recommendations on how to increase computer security and privacy protection.
Co-author Tadayoshi Kohno, a professor at UW's Paul G. Allen School of Computer Science and Engineering, reported that:
“One of the big things we try to do in the computer security community is to avoid a situation where we say, 'Oh shoot, adversaries are here and knocking on our door and we're not prepared. Instead, we'd rather say, 'Hey, if you continue on your current trajectory, adversaries might show up in 10 years. So let's start a conversation now about how to improve your security before it becomes an issue.”
The research provided the hypothesis that it could be possible to establish malware-laden DNA strands that are able to infect the computer if sequenced and analyzed. The hypothesis was supported by trial and error. The researcher noted:
“To assess whether this is theoretically possible, we included a known security vulnerability in a DNA processing program. We then designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand. When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. That is, we were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.”
Consumers should not worry in this case, according to Luis Ceze, Allen School Associate Professor and author: “We don't want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information. We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven't really had to contemplate before.”
In addition, Lee Organick, a scientist in the Molecular Information Systems Lab and co-author, stated that an individual who aims to produce malware-laden DNA strands would have to get over many objections and indicated that “Even if someone wanted to do this maliciously, it might not work. But we found it is possible”.