It is now possible to infect a computer using malware coded into DNA - Sensationalist Headlines

[quote]You probably don’t have to worry about this particular threat vector any time soon. That said, the possibilities suggested by this project are equally fascinating and terrifying to contemplate. DNA is basically life’s file system. The analysis programs are reading a DNA strand’s bases (cytosine, thymine etc, the A, T, G, and C we all know) and turning them into binary data. Suppose those nucleotides were encoding binary data in the first place? After all, it’s been done before Here’s how they did it. All you really need to know about the transcription application is that it reads the raw data coming from the transcription process and sorts through it, looking for patterns and converting the base sequences it finds into binary code. [i]“The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is done in a fixed-size buffer that assumes a reasonable maximum read length,”[/i] explained co-author Karl Koscher in response to my requests for more technical information. That makes it ripe for a basic buffer overflow attack in which programs execute arbitrary code because it falls outside expected parameters. (They cheated a little by introducing a particular vulnerability into the software themselves, but they also point out that similar ones are present elsewhere, just not as conveniently for purposes of demonstration.) [i]“The exploit was 176 bases long,”[/i] Koscher wrote. [i]“The compression program translates each base into two bits, which are packed together, resulting in a 44 byte exploit when translated.”[/i] Given that there are 4 bases, it would make sense to have each represent a binary pair. Koscher confirmed this was the case. (If you’re curious, as I was: A=00, C=01, G=10, T=11.) [i]“However, getting the malicious DNA strand from a doctored sample into the sequencer is very difficult with many technical challenges,”[/i] he continued. [i]“Even if you were successfully able to get it into the sequencer for sequencing, it might not be in any usable shape (it might be too fragmented to be read usefully, for example).”[/i][/quote] Fantasies and speculations about possible future innovations and threats now also comes in ASCII format. [url]https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/[/url]

my DNA is formatted in FAT32 is this a problem? All in all though, why is this useful?

After all these years of jacking off onto my boss's keyboard after everyone has left the office, I can finally now call myself a hacker.

[quote]“However, getting the malicious DNA strand from a doctored sample into the sequencer is very difficult with many technical challenges,” he continued. “Even if you were successfully able to get it into the sequencer for sequencing, it might not be in any usable shape (it might be too fragmented to be read usefully, for example).”[/quote] So DNA uses some form of a checksum that would prevent readback in an altered state? (???)

Dickbutt drawn into my DNA when

[QUOTE]They cheated a little by introducing a particular vulnerability into the software themselves, but they also point out that similar ones are present elsewhere, just not as conveniently for purposes of demonstration.[/QUOTE] Is it just me or is using your own vulnerability not really as impressive

I swear this was in an episode of Bones.

[QUOTE=Snickerdoodle;52560408]Is it just me or is using your own vulnerability not really as impressive[/QUOTE] Actual physical proof on concept is there, even if it has a low success chance and was easier in the test. With time things evolve and could have higher success without "cheating". Although the practical applications for this seems to be some Sci-Fi plot or so. Imagine special planted DNA besides the villains DNA but as soon as they scan the planted one the system gets hacked secretly and frames another person while deleting the actual evidence. Perfect crime, well not really but :v: . Unusual, impractical attack vector on a computer system, I find it neat even if it is basically useless.

As soon as I read the title, I knew it would be buffer overflow related and thus makes this way less cool than the title implies in my eyes. Having even a beginner's level of knowledge on how that kind of thing works, and how it's the most common vulnerability in so many systems and programs the world over, makes stuff like this sound less "ooh spooky" and more "meh. whatever." But I'm probably being a know-it-all party pooper right now. Little disappointed but hey. Knowing about even the most out-of-the-way attack vectors is important I suppose.

[QUOTE=Mitsuma;52560573]Actual physical proof on concept is there, even if it has a low success chance and was easier in the test. With time things evolve and could have higher success without "cheating". Although the practical applications for this seems to be some Sci-Fi plot or so. Imagine special planted DNA besides the villains DNA but as soon as they scan the planted one the system gets hacked secretly and frames another person while deleting the actual evidence. Perfect crime, well not really but :v: . Unusual, impractical attack vector on a computer system, I find it neat even if it is basically useless.[/QUOTE] This isn't really interesting to me. DNA is just another form of input. The exploit is just another buffer overflow in another shitty parser. And they intentionally made the parser shitty. Don't see how you can see it any other way.

[QUOTE=Faunze;52560191]After all these years of jacking off onto my boss's keyboard after everyone has left the office, I can finally now call myself a hacker.[/QUOTE] I'm glad I'm not the only one who does this

[QUOTE=zeromancer;52560190]All in all though, why is this useful?[/QUOTE] Usually used to have a better understanding and reference for genetic security, but nothing they haven't done already. As a whole, it is hard to put a tittle that doesn't make it sound more than it is. Interesting if you think they started from nucleotides for a malware, but it is doing the same job of any other software designed for the same purpose. Not quite useful right now, sadly. Call it a curious new way to attack a computer for now. Nothing out of an "eh", generally speaking.

oh great someone found an exploit in dna sequencing machines....machines that almost certainly are not on the internet. its not really suprising, they already have about a 50/50 chance of just crashing those dedicated pieces of software instead. like they're really sensative and not exactly bug proofed, cas in point, when a salesperson was demoing some analyzer software to me a while ago, he hit two buttons out of sequence and the thing crashed, the manual even lists combinations of actions that will crash the program. even in my own daily use i've had software randomly ramp up temperatures and various other weird things like a thermocouple insist its in the heart of a supernova when connected to the machine but read perfectly fine on our testing devices

This was so basic I am not even sure it deserved an article.

The attack sequence was [code]T-A-C-G-T-C-C"); DROP TABLE DNA;[/code]