This was to be expected from the very moment when scientists learned to download digital information inside deoxyribonucleic acid macromolecules. For the first time, researchers succeeded in infecting a computer with a virus that analyzed DNA into which malicious program code was introduced. It seems that we are all waiting for an exciting biopank future, where absolutely everything can be hacked, including the main repository of genetic information of any biological organism.
A team of scientists from the University of Washington did not plan to get into the news columns of science portals. But it looks like it was inevitable. They were worried about the safety of the process of transcription and DNA analysis, because this difficult task is based on open source software. Moreover, hundreds of laboratories around the world use this software. If attackers manage to load malicious code into the system, very expensive analyzes, to put it mildly, will be covered with a copper basin.
Of course, the researchers could demonstrate the vulnerability of the system using more traditional methods. For example, use tools for remote access over the Internet. But the scientists decided to go a little further in their experiment. It was decided to use DNA as the carrier of the malicious code, the source material that the analyzer system has to deal with every day.
“Our main task was to try to avoid situations where a criminal would knock on our door, and we would be completely unprepared for this,” says Professor Tadayoshi Kono, who has been researching the security of embedded and niche electronics for many years, including expensive scientific instruments.
The software of scientific equipment is designed in such a way that it converts data obtained from DNA into binary data. The bitstream is stored in a fixed-size buffer with a reasonable maximum read length. This exposes attackers to an underlying data buffer overflow vulnerability, in which software executes fake malicious code. Even if the experiment did not use a "computer virus" in its classical sense, the executed code was very close to that. After all, with its help, scientists managed to gain access to computer control.
The researchers are very hopeful that they will be able to convey this important information to the scientific community. After all, if expensive research equipment is so vulnerable that it can be hacked even at the DNA level, many studies may be in jeopardy. And this does not bode well for humanity. Scientists will present the results of their experiment to the general public at the USENIX Security conference, which will be held next week in Vancouver.
Sergey Gray