Blurring the Boundaries: DNA Hacking
Benchmarks in the perpetual blurring between science fiction and reality are constantly being reached. Last week, another made news when researchers from the University of Washington announced they had successfully used actual DNA to hack into a computer system. Although the potential for using DNA for data storage had been shown last year, in this instance Tadayoshi Kohno and Luis Ceze were able to encode malware on synthetic DNA strands that they engineered. Once analyzed by vulnerable gene sequencing software, the strands became the vector to allow remote control over the system.
“Note that there is not present cause for alarm about present-day threats,” said the researchers, clarifying, “We have no evidence to believe that the security of DNA sequencing or DNA data in general is currently under attack.” Rather, this was a demonstration to highlight potential weaknesses in current DNA analysis software. Such open-source sequencing software doesn’t always adhere to the best security practices or protections. Anticipating future threats and adversaries was thus the main goal of the study.
Technological development in cases like this sometimes seems to be a story of convergence between the digital and the real worlds. DNA is chemistry—its component bases (adenine, cytosine, guanine and thymine) the building blocks of life that we analogize as computer code. Now, evidently, its capacity to host actual code has become possible. Not only does this story provide the demonstration, but in July, Harvard scientists were even able to embed film in DNA, to test the potential of living cells to host molecular data recorders. Research such as this could have vast applications and implications. Personally, though, I wouldn’t want to be the first dystopian human camera.
For the more immediate concerns of security and data loss prevention, this represents but another area of potential access for hackers to infiltrate. With organizations striving to update their technology and policies to establish strong data loss prevention frameworks in accord with current industry and regulatory standards, nothing should be overlooked. Known risks already exist when it comes to portable storage devices, online applications and mobile devices. Even in the most unlikely places, however, we see how security flaws can be found.