Today at the Usenix Security conference, a group of University of Washington researchers will present a paper showing how they wrote a piece of malware that attacks common gene-sequencing devices and encoded it into a strand of DNA: gene sequencers that read the malware are corrupted by it, giving control to the attackers.
It's an imperfect attack: it only works 37% of the time, and the researchers used a deliberately weakened version of the sequencing software, but the reliability and virulence of the attack will likely increase in future iterations.
Regardless of any practical reason for the research, however, the notion of building a computer attack—known as an "exploit"—with nothing but the information stored in a strand of DNA represented an epic hacker challenge for the University of Washington team. The researchers started by writing a well-known exploit called a "buffer overflow," designed to fill the space in a computer's memory meant for a certain piece of data and then spill out into another part of the memory to plant its own malicious commands.
But encoding that attack in actual DNA proved harder than they first imagined. DNA sequencers work by mixing DNA with chemicals that bind differently to DNA's basic units of code—the chemical bases A, T, G, and C—and each emit a different color of light, captured in a photo of the DNA molecules. To speed up the processing, the images of millions of bases are split up into thousands of chunks and analyzed in parallel. So all the data that comprised their attack had to fit into just a few hundred of those bases, to increase the likelihood it would remain intact throughout the sequencer's parallel processing.
Computer Security, Privacy, and DNA Sequencing:
Compromising Computers with Synthesized DNA, Privacy Leaks, and More [Peter Ney, Karl Koscher, Lee Organick, Luis Ceze and Tadayoshi Kohno/Usenix Security]