Scientists Create DNA-Based Exploit of a Computer System (technologyreview.com)
Archeron writes: It seems that scientists at University of Washington in Seattle have managed to encode malware into genomic data, allowing them to gain full access to a computer being used to analyze the data. While this may be a highly contrived attack scenario, it does ask the question whether we pay sufficient attention to data-driven exploits, especially where the data is instrument-derived. What other systems could be vulnerable to a tampered raw data source? Perhaps audio and RF analysis systems?
MIT Technology Review reports: "To carry out the hack, researchers led by Tadayoshi Kohno and Luis Ceze encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain 'full control' over a computer that tried to process the genetic data after it was read by a DNA sequencing machine. The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists. To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s. Yaniv Erlich, a geneticist and programmer who is chief scientific officer of MyHertige.com, a genealogy website, says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno's team, from which they took control of a computer in their lab they were using to analyze the DNA file." You can read their paper here.
So scientists at UofW have run out of science to research and have instead become hackers and written a paper about it? Message seems to be: UofW would be a bad place to pursue one's career.
Or whinge and whimper?
Sloppy programming
"the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command."
It took you an entire sentence to describe a buffer overflow.
Talk about hype for bullshit's sake. Fix the fucking obvious.
Why would the analysis program execute the information contained in the DNA? I understand that they back-doored the program for making the paper, but how would an attack like this work in real-life?
In other news, the US satellite defense system was recently shut down by a virus introduced when it scanned a foreign base protected by olympic-sized holographic imaging technology that exploited a buffer overflow in the video encoder.
The attack appears to repurpose technology recently employed in the US to create a popular line of clothing that embeds patterns intended to crash and sometimes brick many smartphones and several popular surveillance systems.
This is an asinine story. It doesn't matter what data you use to overflow a buffer. It could be a list of Donald Trump's favorite Nazis for that matter, but that doesn't change reality. We've known about them since at least 1972 which was the first time I can remember seeing them described. Now, these dishonest Republicans are claiming this is something new in order to get good press. That is just so typical of their kind. These people need to be beaten and put in prison for spewing this lie. Sad though that slashdot was taken in by their web of lies. I guess we have a moderator now that is a Trump supporter. Their kind is so stupid they just make thinking people want to die. Want to die.
Police: "So, why did you hack the computer?"
Guy: "I'm sorry sir, I can't help it. It's in my DNA"
After sucking on my DAMN balls
They even managed to hack into this Slashdot article and introduce a typo!
This attack was apparently used to create the author who just caused my bullshit buffer to overflow.
Yet another reason why device manufacturers, not to mention everyone else, should move to RUST sooner rather than later.
Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
This is a very cool hack.
'course, there's an emacs command to do that.
If it weren't for deadlines, nothing would be late.
Take a chill pill and recognize an opportunity for a joke fest when you see it! Few postings provide material this good!
Let the jokes fly and moderators BREAK THE GLASS OVER YOUR FUNNY BUTTONS!
It was on an episode of Bones, when they were facing off against uber-hacker Kevin Poulant. He etched a micro-pattern into some bones, and when they were topographically scanned the malware embedded in the etching granted him access to the lab's computers. Exactly the type of exploit envisioned here. And since there's nothing original on TV, this is probably not the first time it's been done.
Authorities are searching today for the stylist for the POTUS who disappeared shortly after an analysis of data flowing from cameras shown pictures of the current POTUS found a computer virus designed to create a backdoor into any system protected by facial recognition.
Interestingly, the hack also appeared to protect itself from discovery, occasionally causing those staring at the POTUS' hair to break into hysterical laughter and dismiss him as a pompous buffoon or a clown.
Patch the code to: $stmt = $db->prepare('SELECT * FROM employees WHERE DNA = :dna');
$stmt->execute(array('dna' => $input));
This is the type of "research" that deserves to be hidden behind a paywall.
Oh my! Could it be more click bait?
Come on! How can a DNA-BASED exploit crack my PC? By spitting on the keyboard or coughing at the screen!
Come on!
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
Now, combine this technique with a biological virus:
Have a biological virus that becomes a computer virus when its DNA is analyzed.
And when the computer virus infects a computer controlling a DNA synthesis machine, it could insert code into biological viruses created.
Allowing a virus that can infect both computers and biological lifeforms.
Philipp
This is really nothing more than a PR stunt. What the researchers did was take a sequencing data compression program fqzcomp written for the Sequence Squeeze competition and deliberately broke it so there was a buffer overrun. What's more is that they broke it in such a way that all DNA sequences would have made the program go wrong in some way, probably by crashing it.
All they demonstrated is that if you break a program then it is broken.
All DNA sequencing machines produce well-formed data files as output, so you cannot cause a buffer overrun just by adding your own special DNA variant sample. It would just be treated like any normal sample data. There are vulnerabilities in sequencing data processing program code, but to exploit them you would have to alter the files themselves, not the DNA samples going into the machine.
http://dnasec.cs.washington.ed....
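Added example (not part of the thread, and not the researchers' or fqzcomp's code): the buffer overrun discussed above comes down to writing a read into a fixed-size buffer without checking its length first. This sketch packs bases at 2 bits each and rejects an over-long or malformed read before any write; the names, the buffer capacity and the A/C/G/T-to-bits mapping are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical capacity: 64 bases at 2 bits each fit in 16 bytes. */
#define MAX_BASES 64
#define PACKED_BYTES (MAX_BASES / 4)

/* Assumed 2-bit mapping (A=0, C=1, G=2, T=3); -1 for any other byte. */
static int base_code(char c)
{
    switch (c) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/*
 * Pack one read into out[PACKED_BYTES].
 * Returns the number of bases packed, -1 if the read is longer than the
 * buffer can hold, -2 if it contains a byte that is not A/C/G/T.
 * The length check runs before any write, so an over-long read is
 * rejected instead of spilling past the end of out.
 */
int pack_read(const char *read, size_t len, uint8_t out[PACKED_BYTES])
{
    if (len > MAX_BASES)
        return -1;
    memset(out, 0, PACKED_BYTES);
    for (size_t i = 0; i < len; i++) {
        int code = base_code(read[i]);
        if (code < 0)
            return -2;
        out[i / 4] |= (uint8_t)(code << (6 - 2 * (i % 4)));
    }
    return (int)len;
}

/* Constructed sample: a 176-letter read, the length quoted in the article. */
int pack_constructed_176(void)
{
    char read[176];
    uint8_t out[PACKED_BYTES];
    memset(read, 'A', sizeof read);
    return pack_read(read, sizeof read, out);
}
```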
A buffer overflow exploit is nothing new. The data being DNA in this case is a moot point since input can be derived from any media.
I'm thinking maybe Tetris would be a good start. Falling strands of DNA and the object is to fit them together........might be interesting to see happen.
"data that exceeds a storage buffer can be interpreted as a computer command"
Nice journey :) I always knew that scientists are funny guys who like to spend taxpayers' money on things like that ;))
I left my DNA in your mom!!!
Dad, is that you? Don't leave again. I'll be better. I promise.
In my little league team I hit a home run. You can come to my games. I'm not mad - even though mom had to teach me how to throw a ball.
Just please come back, Dad. Even if it's just for a visit. Maybe you can help pay for my college.