DNA with malicious code

Hackers broke into a computer for the first time through DNA

Grigory Kopiev, N+1

Researchers from For the first time, the University of Washington was able to infect a computer with malware using DNA for this. They modified a popular open–source program used for sequencing in such a way that, under certain conditions, it causes a buffer overflow in it - a popular type of vulnerability that allows arbitrary code to be executed on a computer. By writing malicious code into a DNA molecule, the researchers were able to gain access to a computer that performs DNA analysis. In addition, the researchers found already existing vulnerabilities of this type in the popular Software used in DNA analysis. The study will be presented at the USENIX Security Symposium next week, also reports about it Wired.

Buffer overflow is often used by attackers. Even the first self-propagating network worm used this mechanism as well. It can be explained in a simplified way as follows. Buffer is a certain area of memory allocated to the program for writing data. If the programmer has not provided for checking the size of the input data, the program can start recording the received data outside this memory area. Due to this, an attacker may be able to execute arbitrary code on a computer using the input data.

The same type of vulnerability was used by American researchers in their work. Usually, DNA sequencing data is recorded in FASTQ format. Since such a file can be measured in gigabytes, it is usually compressed by special programs, such as fqzcomp, an open source program. The researchers used the openness of the program and deliberately introduced a vulnerability into it. Then they wrote malicious code into the DNA sequence. As a result, after DNA analysis, the computer began to execute malicious code laid down by scientists. In addition, they investigated other popular programs used when working with DNA, and found three vulnerabilities of this type already existing in them.

Scientists note that while such an attack is difficult to put into practice due to several reasons. For example, DNA can be sequenced in any direction, whereas the code must be executed sequentially. Despite this, researchers believe that such vulnerabilities look intimidating, because potentially in this way attackers can gain access to confidential data or even substitute DNA testing data as part of investigations.

Cybercriminals do not always attack computers head-on. For example, we recently wrote about an unusual attack on the popular AES-256 encryption algorithm. To do this, the researchers "overheard" changes in the electromagnetic field created by the processor during encryption. According to the researchers, such an attack can be carried out even at a distance of a meter from a computer.

Portal "Eternal youth" http://vechnayamolodost.ru  29.08.2017