DNA Can Carry Malicious Code, Infecting Networks

Any sci-fi fans who just read that headline will be disappointed to find out this is not the next film adaptation of a Hugo-winning novel. Instead, it’s the subject of a very different kind of writing: a research paper by a team from University of Washington in Seattle. The researchers pondered the idea of inserting malicious code into the nucleotide sequences of bacterial DNA, then investigating whether that code could inject itself into a computer that was analyzing the DNA.

And the answer was yes.

Even someone with just a basic high school biology class level of understanding is probably intrigued, wondering how the researchers got a computer to “read” the code in the first place. Mohit Kumar for TheHackerNews had one of the best everyday-language explanations for the process:

“To create the biological malware, the researchers translated a simple computer program into a short stretch of 176 DNA letters, denoted as A, G, C, and T, each representing a binary pair (A=00, C=01, G=10, T=11). The exploit took advantage of a basic buffer overflow attack, in which a software program executes the malicious command because it falls outside maximum length. The command then contacted a server controlled by the team, from where the researchers took control of a computer in their laboratory they were using to analyse the DNA file.”

And there it is. While this is ominous news to some people, in this instance, the project is a clear demonstration of security researchers trying to stay a step ahead of cyber-based vulnerabilities. There has been no reported threat of this kind, but rather, a what-if scenario based on the sheer capability and creativity of cybercriminals. What this does clearly demonstrate is that the software the powers DNA analysis–something society relies on for a wide variety of scientific and judicial reasons–has not caught up with the anti-virus times.