New Hacking Method Discovered – Biological Malware
This post is also available in: 
עברית (Hebrew)
In what appears to be the first successful hack of a software program using DNA, researchers explained that the biological malware they inserted into a genetic molecule allowed them to take control of a computer, used to analyze it. The biological malware was created by scientists at the University of Washington in Seattle, who call it the first “DNA-based exploit of a computer system”.
To carry out the hack the researchers, led by Tadayoshi Kohno and Luis Ceze, encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain “full control” over a computer that tried to process the genetic data after it was read by a DNA sequencing machine. The researchers warn that hackers could one day use fake blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists.
For now, according to technologyreview.com, DNA malware doesn’t pose much of a security risk. The researchers admit that to pull off their intrusion, they created the “best possible” chances of success by disabling security features and even adding a vulnerability to a little-used bioinformatics program.
To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s. Yaniv Erlich, a geneticist and programmer who is chief scientific officer of MyHeritage.com, a genealogy website said when data exceeds a storage buffer it can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno’s team, from which they took control of a computer in their lab they were using to analyze the MyHeritage.comfile.
Companies that manufacture synthetic DNA strands and mail them to scientists are already on the alert for bioterrorists. In the future, the researchers suggest, they might also have to start checking DNA sequences for computer threats. The University of Washington team also cautions that hackers could use more conventional means to target people’s genetic data, precisely because it is increasingly appearing online.
