
Malware Encoded in DNA Can Hack Gene-Sequencing Software - sprucely
https://www.wired.com/story/malware-dna-hack
======
maxton
> "Rather than exploit an existing vulnerability in the fqzcomp program, as
> real-world hackers do, they modified the program's open-source code to
> insert their own flaw allowing the buffer overflow."

So really, this is not as interesting as the headline would have you believe.
Storing data in DNA is nothing new, and these researchers are just using it as
input to a program that was deliberately written to improperly handle that
data.

~~~
omarforgotpwd
What's interesting is just the idea that you should sanitize ALL inputs, no
matter how unlikely it is that the input could be malicious.

~~~
taeric
Though, really, is that interesting? Yes, you should treat all input data as
data no matter where it came from. And you should have checks in place to
reject any data that is out of size/whatever constraints for your software.

And for the love of secure software, never blindly execute code from a
serialized source without damned good reasons for thinking that source is
safe.
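
An added example, not part of the thread and not fqzcomp's code: the size and content checks described in the comment above, applied to a sequencing read before it is copied into a fixed-size C buffer. `MAX_READ_LEN`, `load_read`, `bounded_len` and the sample reads are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_READ_LEN 256 /* assumed per-read limit, chosen for this example */

enum read_status { READ_OK, READ_TOO_LONG, READ_BAD_BASE, READ_BAD_QUAL };

struct read_rec {
    char seq[MAX_READ_LEN + 1];
    char qual[MAX_READ_LEN + 1];
    size_t len;
};

/* Length of s, scanning at most max bytes; returns max if no NUL was seen. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hypothetical loader: validate a read's bases and quality string, then copy.
 * *out is written only after every check has passed. */
enum read_status load_read(const char *seq, const char *qual, struct read_rec *out)
{
    size_t n = bounded_len(seq, MAX_READ_LEN + 1);
    if (n > MAX_READ_LEN)
        return READ_TOO_LONG;           /* reject, never truncate silently */
    if (strspn(seq, "ACGTN") != n)
        return READ_BAD_BASE;           /* only the expected base symbols */
    if (bounded_len(qual, MAX_READ_LEN + 1) != n)
        return READ_BAD_QUAL;           /* one quality char per base */
    for (size_t i = 0; i < n; i++)
        if (qual[i] < '!' || qual[i] > '~')
            return READ_BAD_QUAL;       /* printable quality range only */
    memcpy(out->seq, seq, n + 1);       /* n + 1 <= sizeof out->seq */
    memcpy(out->qual, qual, n + 1);
    out->len = n;
    return READ_OK;
}

int main(void)
{
    struct read_rec r; /* inputs below are constructed, not sequencer output */
    printf("%d\n", load_read("ACGTN", "IIIII", &r));
    printf("%d\n", load_read("ACGU", "IIII", &r));
    return 0;
}
```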

~~~
icelancer
>Though, really, is that interesting?

Yes. Trusting human DNA is something that WILL absolutely, 100%, no-doubt-
about it happen in the future and you will hear about it. People are good at
finding ways to screw things up.

~~~
taeric
Sorry, the interesting like there was supposed to refer to the advice of
always sanitize inputs. That, by itself is interesting.

Exploring ways it can hurt you in DNA? Yeah, fun thought experiment.

------
andyjohnson0
1. Gene sequence injects malware to take control of DNA sequencer.
2. Compromised sequencer searches local network for DNA synthesisers.
3. Malware modifies synthesiser software to insert novel retrovirus into output DNA.
4. Wait for DNA to be executed inside a cell.

Stuxnet for DNA.

~~~
rgejman
this is the plot of a sci-fi novel waiting to happen.

~~~
appearsonline
Change Agent by Daniel Suarez is somewhat close:

_In 2045 Interpol's Genetic Crime Division grapples with a new type of
crime: illicit genetic editing -- and it isn't long before the fight gets
personal._

------
caf
It makes me wonder if you could create a physical scene that, when
photographed by a digital camera, exploited the camera.

~~~
number6
Or a kind of message or language that when seen by a human or processed by a
brain can crash or exploit it ...

It's also the plot of a good book:

[https://en.wikipedia.org/wiki/Snow_Crash](https://en.wikipedia.org/wiki/Snow_Crash)

~~~
captainmuon
You can use adversarial neural networks to make a special picture that looks
like noise or junk, but a certain neural network will recognize e.g. a dog in
it. You basically train the ANN to make something that the other NN classifies
as dog, but humans don't.

I often wonder if you could do that with humans. I don't think you can crash a
human brain a la Snow Crash or Basilisk, but I think it is plausible to craft
an abstract picture that creates fear, arousal, or some other "primitive"
response.

~~~
digikata
> but I think it is plausible to craft an abstract picture that creates fear,
> arousal, or some other "primitive" response.

Visit a modern art museum - I think one can find many examples.

------
cowpatcallr
A friend showed me that one of those NCIS crime shows already did this.

[https://www.themarysue.com/malware-uploaded-from-bone-bones/](https://www.themarysue.com/malware-uploaded-from-bone-bones/)

Malware is 3d printed on to a bone they scan in or something.

Reality imitating art I guess.

What a world we live in.

~~~
microcolonel
> we see a character’s computer burst into flames

If we can just get malware that can prompt a personal computer to burst into
flames.

~~~
stephengillie
With thermal throttling, simply stopping the fans and running processors at
100% may not be enough to HCF anymore.

~~~
nayuki
The infamous old video from Tom's Hardware Guide:
[https://www.youtube.com/watch?v=NxNUK3U73SI](https://www.youtube.com/watch?v=NxNUK3U73SI)
"What happens when the CPU cooler is removed?"

------
patrickg_zill
This reminds me of the William Gibson short story, "New Rose Hotel", for some
reason.

~~~
andyjohnson0
_"The diskette in my hand. Rain on the river. I knew, but I couldn't face it.
I put the code for that meningial virus back into your purse and lay down
beside you.

So Moenner died, along with other Hosaka researchers. Including Hiroshi.
Chedanne suffered permanent brain damage.

Hiroshi hadn't worried about contamination. The proteins he punched for were
harmless. So the synthesizer hummed to itself all night long building a virus
to the specifications of Maas Biolabs GmbH. Maas. Small, fast, ruthless -- All
Edge."_

Written in 1981.

------
Andrenid
Little Bobby Tables grew up...

------
maxerickson
Small earlier discussion:
[https://news.ycombinator.com/item?id=14979120](https://news.ycombinator.com/item?id=14979120)

------
Mizza
(As I previously contacted the authors about) - this attack has already been
demonstrated by a very influential VXer, Second Path To Hell, in the 4th issue
of the Valhalla zine:
[http://webcache.googleusercontent.com/search?q=cache:PoFK8uf...](http://webcache.googleusercontent.com/search?q=cache:PoFK8ufxMiIJ:vxheaven.org/lib/vsp48.html+&cd=2&hl=en&ct=clnk&gl=us)

Cool to see it getting academic "recognition" though!

------
null0pointer
Sanitise your inputs!

~~~
IIAOPSW
I assume the lab was sanitized before extracting the DNA.

------
m3kw9
Must be the software detecting certain patterns to trigger certain functions.
Fake the sequence of patterns and you can control some outcomes.

------
paulddraper
Malware Encoded in DNA...a virus, so to speak :D

------
mylons
lol, this is such a bad article -- and kind of a stupid experiment. nobody is
arbitrarily executing pieces of dna as code in a computer.

~~~
empath75
it was a simulated buffer overflow, they weren't just executing DNA sequences.

------
krisives
Clickbait joke based on that stupid show

------
sjg007
Neat. Future bio hackers.

------
nthcolumn
I wanna be fuzzed by you, just you and nobody else but you.

~~~
nthcolumn
Technically this might be accurate? Someone could in theory naturally have a
specific sequence in their DNA which could cause the same effect. Fuzzing
is... oh never mind.

------
honestoHeminway
Getting out of alimony - getting creative. A manual for the rich.

------
bartwe
Stop writing stuff in C, a language without even the basics of range checked
arrays, actual strings, lists and other collection types.

------
cmurf
_I have sent her dessert, a very special dessert. I wrote it myself. It starts
so simply..._

