A new world for hackers: Acoustic side-channel attack
Another factor that enables DNA synthesis information to be stolen is the design of the synthesizers themselves, according to Faezi. “Solenoid valves are placed asymmetrically inside the housing, so when a valve is working in one corner of the box, it makes a completely difference noise than one that’s working in the middle,” he said.
If hackers know which device model is in use, they’ll have one more piece of the puzzle in place.
“Any active machine emits a trace of some form: physical residue, electromagnetic radiation, acoustic noise, etc.,” said study collaborator Philip Brisk, UC Riverside associate professor of computer science & engineering. “The amount of information in these traces is immense, and we have only hit the tip of the iceberg in terms of what we can learn and reverse-engineer from it.”
How your smartphone could be used for illicit listening
Al Faruque, head of UC Irvine’s Advanced Integrated Cyber-Physical Systems Lab, added that the ubiquity of recording devices, such as smartphones, makes the problem even more pervasive.
“Let’s say you’re a good person who works in a lab. I can hack into your phone and essentially hijack it to record sound that I can eventually retrieve,” he said. “Furthermore, some biological labs have acoustic sensors mounted on the walls, and more people are adopting technologies like Google Home or Alexa — all of these can be used to pilfer sounds.”
With their side-channel attack methodology, the researchers said, they can predict each base in a DNA sequence with about 88 percent accuracy, and they’re able to reconstruct short sequences with complete reliability. Their technique functions best when a recording device is placed within a couple feet of a DNA sequencing machine, they said, but the algorithm works even in the presence of noise from an air conditioner or peoples’ voices.
Al Faruque stressed that this sort of attack is too sophisticated for a small-time criminal or terrorist to pull off but is not beyond the capability of state actors. The stakes are high: The global market for synthetic biological products is expected to reach almost $40 billion by 2020. And that market share is expected to grow, particularly in the area of DNA data storage, an application being pursued by heavy-hitting technology companies.
Faezi noted that there are some ways to prevent snooping attacks. Machine designers could arrange the pipes and valves in a way that mitigates the emission of distinct sounds, and the DNA synthesis process can be scrambled and randomized to block hackers from piecing together the intellectual property.
