William Gibson called and said, “I told you so.” At least I assume he did. I know I would if I were him, but I’m not as cool as William Gibson in the first place, so whatevs.
In any event, some researchers crafted a strand of DNA to make it not-quite-living malware. For real. University of Washington researchers figured out how to make the strand stable, while at the same time encoded in a way that would take over a DNA analyzer computer.
Why would that matter? If malicious actors controlled a DNA analyzer, they could directly affect analysis. Think misdiagnosis to cause harm, evidence tampering, or even information extortion. For instance, “Hello Congressman, you have cancer. Send 10 bitcoins to this address or we will announce it to the world.”
Better yet, it wouldn’t even have to be true to be exploitable.
Oh, but wait! There’s more! What else is stored on that computer? Would it have value to a competitor? There’s one way to find out. How about the external drives attached to the computer? What’s on them? What could you put on them? What’s on the USB thumb drive plugged into it? Well, if there’s nothing useful, you could always stash some malware that would allow you to take over the next computer, too. How about everything else on the network?
You probably get the idea. There’s no end to mischief this kind of attack vector could lead to, and it’s straight out cyberpunk canon going back to the 1990s.
Mind you, this is proof-of-concept stuff the researchers plan to present Thursday at the USENIX Security conference. But, “There are a lot of interesting—or threatening may be a better word—applications of this coming in the future,” Peter Ney, a researcher on the project, told Wired. DNA isn’t going to be taking over biomedical companies any time soon.
But it’s often only a matter of time, money, and effort to go from proof-of-concept to OMG THEY’RE IN THE CODE! Or maybe that was a cyberpunk novel I read once. Either way, this is fascinating, scary, and amazing, all at the same time. Wired has an in-depth writeup of the specific methods.