Story image

Malware in your DNA sequence data? Technically, it’s possible

11 Aug 2017

Could hackers exploit your DNA sequence and encode it with malware? A new study from the University of Washington says yes, it’s possible – and may be a look into the future of science security.

A new research paper, called Computer Security, Privacy and DNA Sequencing, looks at how malware creators could potentially take DNA sequencing information, lace it with malware and then infect scientific computers.

Modern DNA sequencing techniques are able to run hundreds of millions of DNA strands at any one time, and the computing power behind those techniques must process, analyse and store those strand sequences.

The research paper, written by Peter Ney, Karl Koscher, Lee Organick, Luis Ceze and Tadayoshi Kohno, says that while it hasn’t yet been a target for adversaries, there is a real change it could happen in future.

Many open source DNA processing programs were written in languages known to have security problems such as C and C++, and the researchers say that security sequencing is not up to scratch when it comes to defending against cyber attackers.

“We stress that our target modified program has a known, and in some sense trivial, vulnerability. We also stress that its environment is in many ways the “best possible” environment for an adversary,” the researchers say in their report.

It is entirely possible to create synthetic DNA strands with malicious computer code. That code could then remotely give full control of the computer to attackers.

Researchers say that some DNA sequencing programs have been developed by specific research communities so it would be difficult for attackers to take advantage of these programs, but theoretically it is possible.

“Although used broadly by biology researchers, many of these programs are written by small research groups and thus have likely not been subjected to serious adversarial pressure. We therefore hypothesize that the rate of serious vulnerabilities will be higher here than in more mature software (e.g., Internet services).”

Researchers also say that as DNA sequencing becomes cheaper, it also brings more opportunities for attackers. Wet labs as a service, in which non-experts can use lab techniques, could also increase the possibility of attack. Finally storing DNA sequence data in cloud services also poses risks.

However, the researchers say that there’s no reason for concern – yet.

“We again stress that there is no cause for people to be alarmed today, but we also encourage the DNA sequencing community to proactively address computer security risks before any adversaries manifest. That said, it is time to improve the state of DNA security,” a statement concludes.

Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Online attackers abusing Kiwis' generosity in wake of Chch tragedy
It doesn’t take some people long to abuse people’s kindness and generosity in a time of mourning.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."