Bioresearch securityDNA sequencing tools vulnerable to cybersecurity risks

Published 15 August 2017

Rapid improvement in DNA sequencing has sparked a proliferation of medical and genetic tests that promise to reveal everything from one’s ancestry to fitness levels to microorganisms that live in your gut. A new study finds evidence of poor computer security practices used throughout the field. Researchers have also demonstrated for the first time that it is possible — though still challenging — to compromise a computer system with a malicious computer code stored in synthetic DNA. When that DNA is analyzed, the code can become executable malware that attacks the computer system running the software.

Rapid improvement in DNA sequencing has sparked a proliferation of medical and genetic tests that promise to reveal everything from one’s ancestry to fitness levels to microorganisms that live in your gut.

A new study from University of Washington researchers that analyzed the security hygiene of common, open-source DNA processing programs finds evidence of poor computer security practices used throughout the field.

UW says that in the study, which will be presented 17 August in Vancouver, B.C., at the 26th USENIX Security Symposium, the team also demonstrated for the first time that it is possible — though still challenging — to compromise a computer system with a malicious computer code stored in synthetic DNA. When that DNA is analyzed, the code can become executable malware that attacks the computer system running the software.

So far, the researchers stress, there is no evidence of malicious attacks on DNA synthesizing, sequencing and processing services. But their analysis of software used throughout that pipeline found known security gaps that could allow unauthorized parties to gain control of computer systems — potentially giving them access to personal information or even the ability to manipulate DNA results.

“One of the big things we try to do in the computer security community is to avoid a situation where we say, ‘Oh shoot, adversaries are here and knocking on our door and we’re not prepared,’” said co-author Tadayoshi Kohno, professor at the UW’s Paul G. Allen School of Computer Science & Engineering.

“Instead, we’d rather say, ‘Hey, if you continue on your current trajectory, adversaries might show up in ten years. So let’s start a conversation now about how to improve your security before it becomes an issue,’” said Kohno, whose previous research has provoked high-profile discussions about vulnerabilities in emerging technologies, such as internet-connected automobilesand implantable medical devices.

“We don’t want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information,” said co-author and Allen School associate professor Luis Ceze.  “We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven’t really had to contemplate before.”