Biologists today don't think about synthesizing DNA to create malignant viruses and infectious organisms. However, researchers at the University of Washington have shown in USENIX Security Symposium 2017 a new threat: Malware encoded in DNA strands. 4p44d
If the DNA is biological in nature, the threat is a little more insidious. Using the C's, G's, T's, and A's sequences of DNA strands, it is possible to code malware to take control of the computer that analyzes the genetic sequence..
In the research, the research group demonstrated for the first time that it is possible to encode malware onto physical strands of DNA, such that when the sequence is analyzed by a computer, the resulting dataset is actually a program that can take machine control.
The data resulting from a genetic sequencing analysis consists of data in digital format. FASTQ. It is a standard file format designed to compare and share biological sequences and analyses. This is the output file which would actually consist of the malware encoded in the analyzed DNA sequence.
That is, by making associations between the famous C's, G's, T's, and A's of DNA with the 0's and 1's of machine language, it is possible to translate a computer program into a DNA sequence.
DNA strand encoded malware threats 5r334g
While large-scale attacks of this type are still far from reality, as maker community of biological systems to emerge is already starting to grow.
The project leader was Professor Tadayoshi Kohno. According to him, the possible threat was identified by him when he noticed the similarity between the 0's and 1's of computer programs and the C's, G's, T's, and A's that encode DNA strands.
Virtually all open-source DNA analysis software developers never considered the possibility that the information read from the DNA strand could represent malware. That is, there are no layers of security for this type of threat.
Such malware could, for example, leak data on computer-based analyses. Could modify other DNA data stored on the machine, in addition encrypt and change already parsed data and stored for the most diverse purposes.
How was it done? 3c6w2b
As you can imagine, malware encoded in strands of physical DNA is not easy to create. Sequencers work with mixtures of chemicals that react differently to the basic units A, T, G and C, each of which emits a different color of light.
Thus, it is possible to identify each basic unit of DNA from captured images of the molecules. A first problem is that to speed up processing, images are separated into thousands of pieces of data to be analyzed in parallel.
Furthermore, the DNA strand has physical restrictions that have to be considered when writing the malware. For example, you need to have a adequate proportion of A-T's and G-C's groups, because the stability of DNA depends on this proportion.
Because of these and several other difficulties, the researchers had to rewrite the exploit several times until he got a code that could "survive" in the physical form of a strand of DNA. The malware developed is of a famous type, called “buffer overflow exploit“. That is, software that generates a data overflow to break some standard computer procedure
In the end, malware was created that can survive conversion of physical DNA to FASTQ format(when being analyzed by a sequencer). When the FASTQ file is compressed (these files are usually in the gigabytes), the malware breaks the compression program with an overflow, then able to access the computer's memory and run its own commands.
Despite everything being done in an academic environment, the threat raises concerns about the advancement of Biohacking and the popularization of genetic manipulation. With this first job, DNA analysis software developers will certainly have to implement new security layers and protocols.
