The malicious code attached to the DNA infects the computer itself

In a feat that sounds far-fetched, a group of biologists and security researchers succeeded in infecting a computer with a malicious program encoded in a DNA sequence.

That sounds like something out of a sci-fi movie, but it is true, although we do not necessarily have to worry too much about this threat in the near future. The possibilities raised by this project are worth pondering.

According to TechCrunch, the multidisciplinary research team from Washington University is concerned that the security infrastructure around DNA replication and analysis is incomplete; they have discovered basic vulnerabilities in open source software used in laboratories around the world. Given the nature of the data that is often processed, this can be a serious problem.

Certainly, they could have proved the weakness of the systems with common malware and remote-access tools; that is how an attacker would normally gain the authority to infiltrate a system. But the security experts took a step further.


Professor Tadayoshi Kohno said: "One of the great things we try to do in the computer security community is to avoid situations where we have to say 'the enemy is here, preparing to attack, and we are still not prepared'." He has a history of pursuing unusual attack vectors for integrated electronic devices such as pacemakers.

Luis Ceze, a co-author of the study, said: "When the molecular and electronic worlds are closer together, there are potential interactions that we have not really thought about before."

Accordingly, they have taken the leap that science fiction made in the past and that is now being explored through tools like CRISPR: DNA is the basic file system of life. Analysis programs read the bases of a DNA sequence (cytosine, thymine and so on; the A, T, G and C we know) and turn them into binary data. Suppose those nucleotides encoded binary data in the first place? After all, it has been done before.

Mad science

This is how they did it. All you really need to know about the transcription application is that it reads the raw data from the sequencing process, searches it for patterns and converts the base sequences it finds into binary code.

"The conversion from ASCII As, Ts, Gs, and Cs to a bit stream is done in a buffer of a fixed size that is of reasonable maximum length," explains co-author Karl Koscher.

That opens the door to a buffer overflow attack, in which the program executes arbitrary code because the input falls outside the expected parameters. (They cheated a bit by introducing this particular flaw into the software themselves, but they also pointed out that similar flaws exist elsewhere, just not in a form convenient for demonstration purposes.)

After working out how to include executable code in the base sequence, they set about building the exploit itself. Ironically, it is incorrect to call it a virus, although it is closer to the concept of a "virus" than any malicious code ever written.


Koscher writes: "The exploitation is based on 176 bases. The program compresses the base part into two bits, then encapsulates it, resulting in 44 bytes of translation." Since there are 4 bases, he notes, it makes sense to have each represent a binary pair (A = 00, C = 01, G = 10, T = 11). "Most of these bytes are used to encode ASCII shell commands," he continued. "Four bytes are used to make the conversion function return to the system function in the C standard library, which executes shell commands, and another four bytes are used to tell system where this command is in memory."

Basically, the code in the DNA escapes the program as soon as it is converted from ACGTs to 00011011s and executes some commands on the system, a complete demonstration that the threat vector exists. And there is plenty of room for more code that does more than break out of the application.
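As an added example (not the researchers' code and not the program they analysed), here is a C version of the base-to-bits conversion Koscher describes, with the length check done before anything is written to the fixed-size buffer. The function and error names and the most-significant-bits-first packing order are assumptions; the A/C/G/T codes are the ones given above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes (names are assumptions of this example). */
enum { PACK_OK = 0, PACK_BAD_BASE = -1, PACK_TOO_LONG = -2 };

/* Map one ASCII base to its 2-bit code using the article's table:
 * A = 00, C = 01, G = 10, T = 11. Returns -1 for anything else. */
static int base_code(char b)
{
    switch (b) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/* Pack n bases into out (capacity cap bytes), four bases per byte,
 * first base in the two most significant bits (order is an assumption).
 * The required size is compared with cap BEFORE any write; omitting that
 * comparison is the fixed-size-buffer flaw the article describes.
 * On success the number of bytes produced is stored in *written. */
int pack_bases(const char *seq, size_t n, uint8_t *out, size_t cap,
               size_t *written)
{
    size_t need = n / 4 + (n % 4 != 0);   /* ceil(n / 4), no overflow */
    if (need > cap)
        return PACK_TOO_LONG;             /* refuse instead of overflowing */

    memset(out, 0, need);
    for (size_t i = 0; i < n; i++) {
        int code = base_code(seq[i]);
        if (code < 0)
            return PACK_BAD_BASE;         /* e.g. 'N' or a stray newline */
        out[i / 4] |= (uint8_t)(code << (6 - 2 * (i % 4)));
    }
    *written = need;
    return PACK_OK;
}
```

With a 44-byte buffer, a read of exactly 176 bases fits and a read of 177 bases is rejected rather than written past the end.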

Lee Organick, a researcher who worked on the project, said: "At 176 bases, the DNA fragment including extraction is, according to most biological standards".

Biopunk future has been confirmed

In pursuit of the prime directive of science journalists, more questions were put to the team. "Can such a payload be distributed through, for example, a specimen of blood or even directly from a person's body? One can imagine a person who has DNA that is deadly for computers that are less secure."

Organick has raised fears. He wrote: "A biological specimen can be used as a vector for toxic DNA after being sorted and processed. However, taking toxic DNA from a specimen is very difficult, with many challenges. Even if you succeed in putting it in the sort order, it may be unusable (for example, it may be fragmented)." Organick said: "We want scientists to think about this, so that they can ensure the DNA analysis software they write has the appropriate safety standards so as not to become the target of an attack through this vector."


Koscher added: "It would be wise to run these applications with some sort of isolation (in containers, virtual machines, etc.) to limit possible damage. Many of these applications are also run as public cloud services, and I will prioritize these cases."

The likelihood of an attack like this actually being pulled off is negligible, but it is a symbolic marker of the increasing overlap between the digital and the biological.

Researchers will present their findings and procedures next week at the USENIX Security Conference in Vancouver.