Researchers Embed Malware into DNA to Hack DNA Sequencing Software – IEEE Spectrum

http://spectrum.ieee.org/the-human-os/computing/software/researchers-embed-malicious-code-into-dna-to-hack-dna-sequencing-software

This sounds like plot from scifi movie:

University of Washington researchers successfully stored malware in synthetic DNA strands, and used it to gain control of the computer analyzing it.

Researchers at the University of Washington have shown that by changing a little bit of computer code they can insert malware into a strand of DNA that, when read by DNA sequencing software, allows them to remotely control a computer or cause it to suddenly crash. Many vulnerabilities are present in other types of software.

The general security hygiene of bioinformatics programs is very low.

Check also those related articles:

http://www.techrepublic.com/article/researchers-can-now-hack-a-pc-with-malware-stored-on-synthetic-dna/

http://www.epanorama.net/newepa/2017/07/12/scientists-store-video-data-in-the-dna-of-living-organisms-ieee-spectrum/

5 Comments

  1. Tomi Engdahl says:

    ‘Adversarial DNA’ breeds buffer overflow bugs in PCs
    Boffins had to break gene-reading software but were able to remotely exploit a computer
    https://www.theregister.co.uk/2017/08/11/malware_in_dna/

    Scientists from the University of Washington have created synthetic DNA that produced malware of a sort.

    Detailed in a paper titled “Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More”, the authors explain that they decided to “synthesize DNA strands that, after sequencing and post-processing, generated a file; when used as input into a vulnerable program, this file yielded an open socket for remote control.”

    Lead author computer scientist Tadayoshi Kohno admits that malware-laced DNA isn’t a realistic threat, but suggests there’s “potential” in the future for it to be used by hackers planning to steal developing drug IP or ransom off sensitive genomic data.

    “It’s important to understand the security risks before they manifest,” Kohno told The Register. “There aren’t bad guys knocking at the door to compromise the software systems developed by this community.”

    Reply
  2. Tomi Engdahl says:

    Schoolboy bags $10,000 reward from Google with easy HTTP Host bypass
    Nice birthday gift for clever kid who found a way to access web giant’s confidential info
    https://www.theregister.co.uk/2017/08/10/schoolboy_google_bug_bounty_http_host/

    A teenager in Uruguay has scored big after finding and reporting a bug in Google’s App Engine to view confidential internal Google documents.

    While bored in July, high schooler Ezequiel Pereira, who has all the makings of a competent security researcher, used Burp to manipulate the Host header in web connections to Google’s App Engine. The 17-year-old’s target: webpages protected by MOMA, Google’s employees-only portal apparently named after a museum of modern art.

    Normally, connecting to a private staff-only Google service requires signing in via MOMA. However, it appears not all of these services fully checked a visitor was authorized to view the content.

    Burp Suite Editions
    https://portswigger.net/burp

    Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10.

    Reply
  3. Tomi Engdahl says:

    Biohackers Encoded Malware in a Strand of DNA
    https://www.wired.com/story/malware-dna-hack/

    When biologists synthesize DNA, they take pains not to create or spread a dangerous stretch of genetic code that could be used to create a toxin or, worse, an infectious disease. But one group of biohackers has demonstrated how DNA can carry a less expected threat—one designed to infect not humans nor animals but computers.

    In new research they plan to present at the USENIX Security conference on Thursday, a group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer. While that attack is far from practical for any real spy or criminal, it’s one the researchers argue could become more likely over time, as DNA sequencing becomes more commonplace, powerful, and performed by third-party services on sensitive computer systems. And, perhaps more to the point for the cybersecurity community, it also represents an impressive, sci-fi feat of sheer hacker ingenuity.

    Reply
  4. Tomi Engdahl says:

    Malicious code written into DNA infects the computer that reads it
    https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/?utm_source=tcfbpage&sr_share=facebook

    In a mind-boggling world first, a team of biologists and security researchers have successfully infected a computer with a malicious program coded into a strand of DNA.

    It sounds like science fiction, but I assure you it’s quite real — although you probably don’t have to worry about this particular threat vector any time soon. That said, the possibilities suggested by this project are equally fascinating and terrifying to contemplate.

    Reply
  5. Tomi Engdahl says:

    New Security Worry: DNA-borne Malware
    Researchers use biohacked DNA strand to attack a computer
    http://www.eetimes.com/document.asp?doc_id=1332160&

    University of Washington researchers have demonstrated that biohackers, using widely available tools, could embed malware in synthesized strands of deoxyribonucleic acid that would allow them to take over the computer analyzing the DNA. They will present their work in Vancouver, B.C., next week at the 2017 USENIX Security Symposium.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*