Malware encoded in DNA hacks Gene-Sequencer

Ich hatte hier schon öfter über DNA als Speicher geschrieben, GIFs, ein OKGo-Album, Wikipedia-Kunst, Gedichte und sogar Urheberrechtsverletzungen wurden alle bereits in Genesequenzen verschlüsselt.

Dem kann man jetzt Malware hinzufügen und noch großartiger: Die DNA-Malware funktioniert und hackt Gen-Sequenzer, wenn die „befallene“ DNA von ihm bearbeitet wird. Die gute Nachricht: Der Hack funktioniert nur in 37% aller Fälle, weil DNA naturgemäß mutiert und die encodierte Software deshalb „auf Überleben stabilisiert“ werden muss, darüber hinaus geben die Forscher selbst zu, der „exploit is basically unrealistic“. Die noch bessere Nachricht dennoch: This is cyberpunk af. Und die geilste Nachricht: Die nächste Version der DNA-Malware kommt möglicherweise als DNA-Palindrom.

Paper: Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More (PDF)

When the researchers sent their carefully crafted attack to the DNA synthesis service Integrated DNA Technologies in the form of As, Ts, Gs, and Cs, they found that DNA has other physical restrictions too. For their DNA sample to remain stable, they had to maintain a certain ratio of Gs and Cs to As and Ts, because the natural stability of DNA depends on a regular proportion of A-T and G-C pairs. And while a buffer overflow often involves using the same strings of data repeatedly, doing so in this case caused the DNA strand to fold in on itself. All of that meant the group had to repeatedly rewrite their exploit code to find a form that could also survive as actual DNA, which the synthesis service would ultimately send them in a finger-sized plastic vial in the mail.

The result, finally, was a piece of attack software that could survive the translation from physical DNA to the digital format, known as FASTQ, that's used to store the DNA sequence. And when that FASTQ file is compressed with a common compression program known as fqzcomp—FASTQ files are often compressed because they can stretch to gigabytes of text—it hacks that compression software with its buffer overflow exploit, breaking out of the program and into the memory of the computer running the software to run its own arbitrary commands.

Even then, the attack was fully translated only about 37 percent of the time, since the sequencer's parallel processing often cut it short or—another hazard of writing code in a physical object—the program decoded it backward. (A strand of DNA can be sequenced in either direction, but code is meant to be read in only one. The researchers suggest in their paper that future, improved versions of the attack might be crafted as a palindrome.)