DNA sequencers are a major security flaw for the biohackers of tomorrow who could take over machines via viruses encoded in DNA.
Researchers have successfully hacked into a computer via a virus encoded in a strand of DNA. DNA sequencers which are democratizing en masse are gaping security holes that could allow the biohackers of tomorrow to loot data from labs or forge DNA tests in the heart of criminal cases.
“ We no longer just have to pay attention to network connectivity, USB sticks or user behavior, but also to the information contained in the DNA that is being sequenced. We must take into account a new type of threat. Tadayoshi Kohno, professor of computer science at the University of Washington knows what he is talking about. He led the team of researchers who successfully hacked into a computer by introducing a computer virus into it through a strand of DNA.
Wired magazine recounts the experience in an article published on August 10, 2017. Biohackers at the University of Washington wondered if the DNA sequencers increasingly used by laboratories could be a vector of contamination by malware. And the answer is yes: they managed to translate the computer code of a malware into DNA language. that, when converted into digital code by the sequencing software, corrupted the program and took control of the machine.
Data theft and criminal cases
Scientists warn against the great vulnerability of laboratories, which today do not take into account this new type of threat. The democratization and proliferation of DNA sequencing in the world makes more and more tempting and credible the use of harmful DNA strands by hackers who could thus enter laboratories, seize valuable intellectual property or even counterfeit DNA tests relating to criminal cases.
"There are a lot of interesting applications - threatening could be a better expression - which will arrive in the future"
Companies could also hide viruses in DNA strands of their GMOs to protect their trade secrets, imagines journalist Andy Greenberg in the Wired . " There are a lot of interesting applications - threatening could be a better expression - which will arrive in the future ", summarizes Peter Ney, researcher involved in the project.
As serious as the threat is in the future, it remains very hypothetical today. The technique is complex, scientists have had great difficulty in mastering it. And yet they only finally succeeded in their hacking by cheating a little: they had introduced a flaw of their own making in the sequencing software so that it could best accommodate their virus. Despite everything, the researchers claim to have detected three security flaws in the "common" software of existing sequencers.
From organic to digital
DNA hacker scientists have used a well-known " exploit " (a term for a program "exploiting" a security hole to take control of a computer or network) known as " buffer overflow ". But translating this feat into DNA has proven particularly difficult. The language by which DNA stores genetic information is the nitrogenous bases, 4 in number and classically denoted A, C, G and T. The genes are encoded by millions of these bases but the sequencers, for them read faster and more efficiently, cut these DNA chains into smaller pieces of just a few hundred bases, which they analyze in parallel.
The researchers therefore managed to overcome all these obstacles and the attack was well transcribed ... in 37% of cases
However, to be functional, the researchers' pirate program must be kept in one piece. The first challenge for biohackers was therefore to condense their virus to fit it into one of the pieces read by the machines. And to complicate matters, they realized that certain ratios of A, C, G and T had to be respected in order for the DNA strand to remain stable. Finally, the “buffer overflow” attack also had to be rewritten so as to remain coherent during its transcription from DNA language to FASTQ computer language in which it had to be translated by the sequencers.
The researchers managed to overcome all these obstacles and the attack was well transcribed ... in 37% of cases. The other copies were either cut in half by the sequencer or read backwards by the latter and thus rendered completely harmless. Scientists suggest to avoid this inconvenience to imagine in the future a version of the virus which is also a palindrome. History to add a little challenge to the case ...
Viruses and bio-cybersecurity
The leading manufacturer of DNA sequencers, Illumina, reacted casually to this experience. “ It's an interesting study on the potential long-term risks. We agree with the introduction of the article which considers that this poses no imminent risk ”, thus affirmed according to the Wired Jason Callahan, chief information officer of the company.
Biotechnologies, and particularly genetic engineering, are becoming increasingly embedded in the digital world. We told you in March 2017 how the storage of data on synthetic DNA was preparing to replace our good old hard drives. Much more durable, much more compact, coding on deoxyribonucleic acid has a promising future. But if computer viruses become viruses - period - biologists will have to rack their brains to invent the bio-cybersecurity of the future.