I was reading this article on how DNA can be used to infect the computer that is scanning it. I was amazed. I wonder if this would ever get beyond being a research subject.
I seriously doubt that DNA could ever, at least in the short to medium term infect a computer.
To infect a computer you need to get it to run some malicious code. Now we can encode data in many ways and I see no reason why it wouldn’t be possible to encode a computer program or anything else into a DNA molecule. Whether this molecule is stable enough to replicate is a separate issue. The problem is getting the computer to want to run the code.
All computer data is just a sequence of numbers and anything that we can encode as a sequence of numbers can thus be stored on a computer but the computer has to be told this is code to execute for it to have any effect
The article mentioned that it would be computers that are used in scanning DNA that could be infected. I’ll just post what it said as to how, but I will admit it is more than I can understand, so it could be full of holes as far as I know!
So how did we write executable code into a DNA strand in the first place?
First, the researchers decided on the exploit they meant to use. It wasn’t an accident that the scientists picked C for their exploit. C has a well-known set of vulnerabilities in some functions that leave systems open to a classic buffer-overflow attack.
Then, they encoded their snippet of C in a simple cipher, using nucleobases for binary pairs: A = 00, C = 01, G = 10, T = 11.
Computers run on a binary stream of electrical impulses that alternates between OFF and ON: 0 and 1. As a consequence, executable code has to go through the binary state on some level. Reading the DNA sequence got the malicious code into the computer that was doing the read, and from there it took advantage of a buffer overflow and got loose in the system to grab for privileges.
The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is done in a fixed-size buffer that assumes a reasonable maximum read length.
Four bytes are used to make the conversion function return to the system() function in the C standard library, which executes shell commands, and four more bytes were used to tell system() where the command is in memory.
Basically the structure of DNA is there are 4 bases and to replicate the a DNA molecule splits in two and each base finds its matching pair.
The 4 bases are
A - Adenine, always bonds with T - Thymine
G - Guanine, always bonds with C - Cytosine
If you can build a particular molecule then it is able to reproduce it self because it splits down the middle and because each base has only one partner each spilt results in a second copy plus the original.
in theory you are correct in that if a suitable piece of software is copying data into memory then it could be run but there is no reason to think it would be unless the software is written badly and via a buffer overflow or other mechanism this code is placed into an area where it will be run.
There was one comment on that article: “I’m checking calendar if it is not April 1st?”
I cannot say that I really understood the article. Nor can I say that I really understand why it won’t work! One reason why I posted it was for either conformation of it or how silly the idea is, for I know there are experts here.
It’s not that silly an idea, just highly improbable and very theoretical. Security researchers need to think waaaaay outside the box to outsmart future potential threat models, and this is actually a good one. Encoding data into and decoding data from DNA is an idea that goes back to the '60s, and it’s been successfully performed in the last 5-10 years or so, but it’s an expensive and slow process. Additionally, a buffer overflow exploit really needs to know what it’s trying to exploit, and it’s contingent on whatever software being used to ingest and analyse the DNA strands actually having a vulnerability at the ingestion point.
It’s like saying I could infect an alien SETI programme by intentionally encoding malware into directed signals from ourselves intended to announce our civilisation’s presence. Yes, it’s possible to to the second part, and the first part is theoretically possible, it’s just extremely improbably.
For now.
1 Like