Scientists at the University of Washington in Seattle, have successfully been able to code a malware program into a DNA sample and use it to hack into a computer that was studying it.
By doing this, they have exposed a weakness in systems that could lead to hackers taking control of computers in research centres, universities and laboratories, reports MIT technology review. Researchers are calling this the first "DNA-based exploit of a computer system."
Scientists Tadayoshi Kohno and Luiz Ceze purchased a DNA sample online and encoded their malicious software into it. They then fed this sample into a computer through a DNA sequencing machine that began decoding the sample. Soon after, researchers were able to gain full control over the computer used, according to the report.
Encoding this malware was done by ordering copies of DNA off the internet and feeding the strands into a sequencing machine. The DNA sample reportedly cost only $89 (£68). Software that reads DNA will translate gene letters into binary digits of 0 and 1. A malware program was then translated into a simple computer command of 176 DNA letters, denoted by A, C, and G and embedded into the DNA sample.
The attack itself took advantage of a loophole in the system that allowed the excess code to be interpreted as a command. In this case, the command was to contact another computer operated by the research team who were able to easily take over the host system that was analysing DNA, it was reported.
Vendors and companies that manufacture synthetic DNA strands are reportedly on alert for bioterrorists and the researchers have suggested that they might have to check samples for threats in future.
Using a fake blood, mucous, or urine sample, it might be possible for hackers to gain access to and take over entire systems, warned the scientists. Using an approach similar to this, hackers might even be able to get into police and other such law enforcement labs, they added.
While a hack like this is a possibility, scientists also added that they made it easy to pull off because of the way in which it was carried out, basically keeping computers open to threats by disabling all security features. Kohno pointed out through this exercise that an attack like this was possible to pull off.
"We look at emerging technologies and ask if there are upcoming security threats that might manifest, so the idea is to get ahead," says Peter Ney, a graduate student in Kohno's Security and Privacy Research Lab.
According to the report, the University of Washington team warned that hackers might have access to DNA data from mobile apps and people's online habits as DNA samples are apparently becoming easier to source. They also said that computers and programs used to read DNA samples are not always actively maintained or updated.