Researchers from the University of Washington say they have successfully hacked into a computer using custom strands of DNA for the first time. The researchers used the life-encoding molecule to attack and take over a computer, using strands of DNA to transmit a computer virus from the biological to the digital realm.
The research team led by Tadayoshi Kohno and Luis Ceze from the Paul G Allen school of computer science and engineering at the University of Washington designed and created a synthetic DNA strand that contained malicious computer code encoded in the bases of the DNA strand.
When this physical strand was sequenced and processed by the vulnerable program it gave remote control of the computer doing the processing. This means that they were able to remotely exploit and gain full control over a computer using adversarial synthetic DNA.
The Mystery behind DNA
DNA is fundamentally a way of storing information. Usually, it encodes instructions for making living things—but it can be conscripted for other purposes. Scientists have used DNA to store books, recordings, GIFs, and even an Amazon gift card.
Strands of DNA are made from four building blocks, represented by the letters A, C, G, and T. These letters can be used to represent the 1s and 0s of computer programs. This is what the Washington team did—they converted a piece of malware into physical DNA strands. When those strands were sequenced, the malware launched and compromised the computer that was analyzing the sequences, allowing the team to take control of it.
How It works
To construct the malware, the team translated a computer command into a short stretch of 176 DNA letters. Copies of the DNA were ordered online. This command was designed to target a particular flaw that the team had previously discovered in the DNA processing programme. The synthetic strands were passed through a sequencing machine, which converted the gene letters into binary digits, 0s and 1s.
When this strand was sequenced and processed by the vulnerable program, the code infected the software and took control of the computer doing the processing. The researchers were then able to remotely exploit this machine using adversarial synthetic DNA.
While they did set the right conditions for the exploit to work, including turning off the exploit mitigation features, they were eventually able to gain full control over the target computer.
The results from this study show that it is theoretically possible to produce synthetic DNA that is capable of compromising a computer system. For now, these attacks are difficult in practice because it is challenging to synthesise malicious DNA strands and to find relevant vulnerabilities in DNA processing programs.
The team warned that hackers could in future use fake blood or spit samples to gain access to computers, steal information, or hack medical equipments installed at forensic labs, hospitals and the DNA-based data storage centers. This can allow criminal hackers to gain access to ongoing police investigations, steal information, tamper with forensic evidence, and taint code of genetically modified products.