We agree with the premise of the study that this does not pose an imminent threat and is not a typical cyber security capability", writes Jason Callahan, the company's chief information security officer "We are vigilant and routinely evaluate the safeguards in place for our software and instruments.
Regardless of any practical reason for the research, however, the notion of building a computer attack-known as an "exploit"-with nothing but the information stored in a strand of DNA represented an epic hacker challenge for the University of Washington team".
University of Washington researchers figured out a way to use biology to infect computers with malicious code. When the program analyzes DNA, it reads it like code - allowing the biohacker to take advantage of the security loopholes and take over the computer.
The paper was published at the 2017 USENIX Security Symposium in Canada, and like we say, was rallying cry for greater regulation, but if we do hear anything more about biohacking (as we're calling it) we'll let you know.
Scientists have synthesised a strand of DNA that can be used to hack computers in a world first. One is that the kind of malicious DNA coding devised by the UW team wouldn't affect how living organisms work.
It should be noted that the exploit created by the researchers didn't target any specific program used by biologists; rather it targeted a modified program with known vulnerability.
This pipeline includes any facility that accepts DNA samples for computer-based gene sequencing and processing.
After sequencing, we observed information leakage in our data due to sample bleeding.
Having set the right conditions, they were able to "remotely exploit and gain full control over a computer using adversarial synthetic DNA", they note.
"We know that if an adversary has control over the data a computer is processing, it can potentially take over that computer", Tadayoshi Kohno, University of Washington computer science professor, told Wired. "There are a lot of interesting-or threatening may be a better word-applications of this coming in the future", says Peter Ney, a researcher on the project.
Given the nature of the data typically handled, this could be a major issue in future - as the molecular and electronic worlds grow ever-closer, potential interactions between the two loom on the horizon, which no one has hitherto contemplated.
In a paper, the researchers have outlined their technique. What is a DNA sequencing pipeline? To start, they demonstrated a technique that is scientifically fascinating-though arguably not the first thing an adversary might attempt, the researchers say. "Said another way, our exploit is created to compromise a computer program involved in the DNA sequencing pipeline (and a program intentionally modified to include a vulnerability)".
Copies of the DNA were ordered online. But aside from writing that DNA attack code to exploit their artificially vulnerable version of fqzcomp, the researchers also performed a survey of common DNA sequencing software and found three actual buffer overflow vulnerabilities in common programs. These nucleotides are classified by the computers that can read genetic sequencing using letters such as A, C, G, and T. Once data can be processed into an order that carries meaning, you can basically order it so that it carries any message.