Malware has been written into DNA for the first time

The fact that our molecular makeup can be adapted feels a little like the scientific community is playing an elaborate practical joke on us, but a team of security researchers working out of the University of Washington has gone one further and managed to hack a computer using code written into a synthesised DNA strand.

The hack was done as a call to arms to the genetic data processing community to ensure best practices, and to prompt a discussion about the regulations around DNA sequencing. 

To understand how they managed to create the DNA malware, you need to know a little about genetic sequencing. Don’t worry, it's not too complicated. 

DNA is built up of foundational units called nucleotides. These nucleotides are classified by the computers that can read genetic sequencing using letters such as A, C, G, and T. Once data can be processed into an order that carries meaning, you can basically order it so that it carries any message.

Don’t panic

Similar techniques have been used to store data on DNA, but in this instance the team encoded the sequence with a piece of malware that it knew would infect the computer. This is significant because it had created the exploit it was aiming for and then reverse engineered the malware.

This does mean that in order for someone with malicious intent to actually use this technique they would have to know an exploit and then work towards it. In the paper, the team goes so far as to say: “We have no reason to believe that there have been any attacks against DNA sequencing or analysis programs.”

But this is the point of the work that security researchers do: to head off issues before they happen. Speaking to TechCrunch, professor Tadayoshi Kohno, who has a history of working on unusual attacks for embedded devices like pacemakers, had this to say:

“One of the big things we try to do in the computer security community is to avoid a situation where we say, ‘Oh shoot, adversaries are here and knocking on our door and we’re not prepared‘.”

The paper was published at the 2017 USENIX Security Symposium in Canada, and like we say, was rallying cry for greater regulation, but if we do hear anything more about biohacking (as we’re calling it) we’ll let you know. 

Andrew London

Andrew London is a writer at Velocity Partners. Prior to Velocity Partners, he was a staff writer at Future plc.