DateCategoryNews

DNA sequencing tools lack robust protections against cybersecurity risks

Rapid improvement in DNA sequencing has sparked a proliferation of medical and genetic tests that promise to reveal everything from one’s ancestry to fitness levels to microorganisms that live in your gut. A new study from University of Washington researchers that analyzed the security hygiene of common, open-source DNA processing programs finds evidence of poor computer security practices used throughout the field. In the study, which will be presented Aug. 17 in Vancouver, B.C., at the 26th USENIX Security Symposium, the team also demonstrated for the first time that it is possible — though still challenging — to compromise a computer system with a malicious computer code stored in synthetic DNA. When that DNA is analyzed, the code can become executable malware that attacks the computer system running the software. So far, the researchers stress, there’s no evidence of malicious attacks on DNA synthesizing, sequencing and processing services. But their analysis of software used throughout that pipeline found known security gaps that could allow unauthorized parties to gain control of computer systems — potentially giving them access to personal information or even the ability to manipulate DNA results. “One of the big things we try to do in the computer security community is to avoid a situation where we say, ‘Oh shoot, adversaries are here and knocking on our door and we’re not prepared,’” said co-author Tadayoshi Kohno, professor at the UW’s Paul G. Allen School of Computer Science & Engineering. “Instead, we’d rather say, ‘Hey, if you continue on your current trajectory, adversaries might show up in 10 years. So let’s start a conversation now about how to improve your security before it becomes an issue,’” said Kohno, whose previous research has provoked high-profile discussions about vulnerabilities in emerging technologies, such as internet-connected automobiles and implantable medical devices.”

Link