Researchers studying potential security issues surrounding open-source computer programs used to analyze DNA have found that most common sequencing software is the subject of poor security practices, leaving such systems open to cyberattacks and exploits. While the researchers haven’t found any evidence of attacks made against DNA synthesizing, sequencing and processing services, they did find that it is possible to encode a computer virus into synthetic DNA that could conceivably infect the computer that is analyzing this altered genetic code.
A direct computer-to-computer attack is a far more likely scenario, given the challenges involved in trying to encode a digital virus into a DNA sequence. As it stands, computer systems used for DNA analysis and synthesis are vulnerable to attack, meaning hackers could access personal data, or even alter DNA test results.
"We don’t want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information," cautions Luis Ceze, study co-author and an associate professor at the University of Washington’s Paul G. Allen School of Computer Science & Engineering. "We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven’t really had to contemplate before."
And those potential interactions included the possibility of conducting a computer attack using DNA that was encoded with a computer virus — remember that 1 gram of DNA is estimated to be able to store 215 petabytes (215 million gigabytes) of digital data. The research team found a way to demonstrate such an attack, by first introducing a known exploit into a program used to analyze DNA for particular patterns to test the concept with.
The attacker would encode the computer virus into a strand of the DNA that the program would be looking for, and when the software analyses the infected DNA, it takes on the computer virus too. From there, the implanted virus would act like any other computer virus, worm or malware, allowing the attacker access to personal information, intellectual property, and would even be able to alter internal information such as DNA test results.
But such an endeavor would be a difficult one. "To be clear, there are lots of challenges involved," explains co-author Lee Organick, a research scientist in the Molecular Information Systems Lab. "Even if someone wanted to do this maliciously, it might not work. But we found it is possible." Because of their work, UW Molecular Information Systems Lab’s synthetic DNA data storage project does not suffer from the vulnerabilities that their study uncovered.