Researchers at the University of Washington encoded malware in DNA and used it to infiltrate a computer system. The demonstration exposed vulnerabilities in the process of DNA sequencing, which is increasingly being used by consumers and patients, and adds to the list of cybersecurity challenges facing the health care system.
- What they did: When DNA is sequenced, the four molecules that make up genetic code (A, C, T and G, for short) are translated to the 0s and 1s that computers use to store information and execute commands. Computer scientists synthesized DNA that, in the process of being sequenced and analyzed, created a file that allowed them access to the computer performing the DNA analysis.
- Yes, but... The researchers deliberately put a vulnerability in the sequencing software in order to access it. "Their exploit is basically unrealistic," programmer Yaniv Erlich told Technology Review. Still, they demonstrated a DNA-based attack is theoretically possible.
- The threat: Minimal as of now, say the researchers. DNA sequencing continues to fall in cost and become more common in health care. As the Atlantic's Ed Yong puts it: "But with great ubiquity comes great vulnerability."
Bottom line: "We strongly encourage additional research before such adversarial pressure manifests," write the researchers.