University of Washington researchers find DNA transcription data can be hacked

news
11 August 2017

A multidisciplinary team at the University of Washington has found that the security infrastructure around DNA transcription and analysis was inadequate.

The team came across elementary vulnerabilities in open-source software used in labs around the world.

According to commentators, in view of the nature of the data usually being handled, this could be a serious problem in future.

Though they were able to demonstrate the weakness of the systems with the usual malware and remote access tools, as discriminating security professional they preferred to stay ahead of the game.

''One of the big things we try to do in the computer security community is to avoid a situation where we say, 'Oh shoot, adversaries are here and knocking on our door and we're not prepared,' '' said professor Tadayoshi Kohno, who has a history of pursuing unusual attack vectors for embedded and niche electronics like pacemakers, TechCrunch reported.

The researchers turned a snippet of malicious computer code into a string of synthetic DNA, and then used it to take control of a computer that was programmed for searching patterns in the raw files that emerge from DNA sequencing.

They also uncovered known security gaps in many of the open-source software programs that are used to analyse DNA sequencing data.

The findings from UW's Security and Privacy Research Lab and Molecular Information Systems Lab will be presented on 17 August in Vancouver, BC, at the 26th USENIX Security Symposium.

According to the researchers though, there was no way evildoers could take advantage could of molecular malware today as DNA data processing is still only in the experimental stage. But they said the cybersecurity angle should not be ignored as DNA-based computing progressed.

According to Konho and his colleagues, if the vulnerabilities were not addressed, it might become possible one day to hack into a DNA database and steal valuable medical information, or plant false information about a person's genetic profile.





 search domain-b
  go