Biopunk is a sub-genre of science fiction that uses concepts from synthetic biology to narrate possible wonders – and threats that can put humanity at risk. A team of biologists and security researchers was able to prove the real existence of a danger worthy of one of these narratives.
They were able to successfully infect a computer with malware encoded in a stretch of DNA. The feat, which sounds like science fiction, is as fascinating as it is scary. Fortunately, we do not need to worry too much about this kind of threat for now. So it’s worth checking out how this was possible.
The University of Washington’s multidisciplinary team was concerned about problems in transcription security security and DNA analysis. They found elemental vulnerabilities in open source software used in laboratories around the world, and this could be a serious problem in the future.
But instead of demonstrating possible usual attacks that can be carried out, they have decided to go further and predict future types of threats. So, they made a prediction that several science fiction writers did in the past.
It turns out that DNA is basically the filesystem of life, and the analysis programs are reading the bases of a DNA chain and transforming them into binary data.
Imagine then what could be done if nucleotides (nucleic acid building blocks – DNA and RNA) encoded binary data.
DNA is composed of four nitrogenous bases: adenine, cytosine, guanine and thymine (or A, C, G and T), and what such transcription programs do is transcribe them into bits. Thus, each of them is converted into two bits: A turns 00, C turns 01, G turns 10 and T turns 11.
Essentially, the problem is when the code in DNA escapes to the program as soon as it is converted from ACGT to 00011011 and executes some commands in the system. This is a demonstration that is effective enough to prove this kind of threat. Since an equal number of bases are read at a time, the system is vulnerable to buffer overflow attacks.
To prove in practice, the researchers created a genetic code of 176 bases (which would be converted to 352 bits) that exploits this fragility of the system when being used in the software to be transcribed.
What kinds of threats could this pose? Lee Organick, one of the scientists who participated in the research, said that this attack technically could create a bacterium capable of destroying robots.
The probability of such an attack really is very low, but this is a milestone in security research into the consequences of the growing intersection between digital and biological.