Well CRISPR my MEATPISTOL, if this isn't the weirdest thing I've heard in a while.
Maybe we can look forward to a Trojan horse that is actually a horse (except for the spider parts that were added as a joke).
We could build this giant wooden badger...
We don' need no ...
... steenkeen badgers.
Re: We don' need no ...
badger, badger, badger, badger
Oh, letdown on the article title
I thought you had a clever title subtly referring to the "Gene editing used to eliminate viruses in live pigs". Instead, this was pen-testing of a different strain.
Hacking own DNA to hack sequencing machine when you are swabbed
Surely there is nothing to worry about. Mine is the one with 3 sleeves, thank you
Sounded like another "buffer overflow" error attack* but then.....
The program processes DNA sequences so the notion is to craft a DNA sequence (presumably in some bacteria or virus) that when detected, analyzed and fed through the software triggers a BO fail.
DNA synthesis machines (and DNAaaS companies exist) have been around for decades, although reinserting the product into an organism is tricky.
You'd probably want to have it marked "do not read" by the host organism as what that sequence coded for inside an organism could be anything. Also genes are not read quite the way most people think they are. They are usually in multiple segments and often subsets of the full set can generate specific proteins as well.
So the attack vector is DNA --> Analyser--> V. big file --> file compressor -->Pwd PC running file compressor.
Worst case scenario. The malware writer inadvertently creates something that is a viable structure in the host organism and it's highly dangerous.
I guess it's what you'd do if you were the NSA and you suspected a nation state was running a covert BW programme you wanted to get a window into.
This is real Greg Bear territory ("Vitals" comes to mind), although I think William Gibson did a short story ("New Rose Hotel"? ) that loosely hinges around this idea.
Beer as it's Friday and y'know, yeast.
*My second thought was someone had used genetic algorithm techniques to "breed" more efficient BO code, which would be clever but not be that interesting (I'm not familiar with the subject but I'd be astonished if that hadn't been done several times by now).
"New Rose Hotel"
Exactly what came to mind for me. Gibson's short story included (if I recall correctly) a hacked gene sequencer located in a rival company reprogrammed to quietly crank out a deadly virus...
Has to be said
Fortunately there are no known instances of this exploit seen in the wild.
A DNA researcher is called Lee Organick :)
Re: Picture Caption
One is Organick, the second is Koscher!
Their modification of fqzcomp means that not only does their custom DNA string cause it to break (in an exploitable way), but *all* DNA strings from the same sequencing run would cause it to fail too - likely in a crash. It's therefore an unrealistic attack as no one would deploy such a tool.
This is a shame because there *are* weaknesses in many tools (fqzcomp included - it has no check for ntok reaching MAX_TOK for example) that can be exploited if you control the *file* contents, but not if you control the *physical DNA* sample. The sequencing instrument is a great leveller here - it turns DNA into well-formed valid output files, which existing software then copes with just fine. The real problems are web sites that permit upload of data files - so cloud analysis sites etc rather than sequencing-as-a-service.
That said, why would anyone be using fqzcomp for real? It was a royal hack, mostly done at ungodly hours of the morning, as an academic exercise and entry to a competition. It even claims it's "experimental" in the README file. If anyone really cares, use https://sourceforge.net/projects/slimfastq/ instead which was a rewrite of fqzcomp (by a storage company) to be more stable. :-)
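The missing bound mentioned in the comment above (ntok reaching MAX_TOK), shown as an added example that is not part of the thread and is not fqzcomp's code: a hypothetical read-name tokenizer with a fixed token array that refuses input needing more than MAX_TOK tokens. The names `tokenize_name` and `struct tok`, the value of `MAX_TOK`, and the sample read names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_TOK 8   /* assumed small limit so the constructed input can exceed it */

struct tok { size_t start, len; };   /* hypothetical token record */

/* Split a read name into alternating runs of digits and non-digits.
 * Returns the token count, or -1 if the name needs more than MAX_TOK tokens. */
int tokenize_name(const char *name, struct tok toks[MAX_TOK])
{
    int ntok = 0;
    size_t i = 0;

    while (name[i] != '\0') {
        /* The bound a fixed token array needs: stop before writing
         * toks[ntok] once ntok has reached MAX_TOK. Without this test,
         * a name taken from an uploaded file decides how far past the
         * array the loop writes. */
        if (ntok >= MAX_TOK)
            return -1;

        int is_num = isdigit((unsigned char)name[i]) != 0;
        size_t start = i;
        while (name[i] != '\0' &&
               (isdigit((unsigned char)name[i]) != 0) == is_num)
            i++;

        toks[ntok].start = start;
        toks[ntok].len = i - start;
        ntok++;
    }
    return ntok;
}

int main(void)
{
    struct tok toks[MAX_TOK];
    /* Constructed sample names, not taken from any real sequencing run. */
    const char *instrument_style = "@RUN7:lane2:read15";
    const char *file_controlled  = "@a1b2c3d4e5f6g7h8";

    printf("instrument-style name: %d tokens\n",
           tokenize_name(instrument_style, toks));
    printf("file-controlled name:  %d (rejected)\n",
           tokenize_name(file_controlled, toks));
    return 0;
}
```
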
"That said, why would anyone be using fqzcomp for real? It was a royal hack, "
Because no one uses botched, stitched together software in their production environments, right?
I'd guess they used it because a) They wrote it b) It's actually in common use around the country (or even the world) c) They have a copy in their DNA lab.
TL;DR. RTF report.
So scientists manipulated data into a vuln. No actual DNA took part other than peripherally.
A bit different than suggested by your clickbait headline, Mr Journalist.
Wrong. They created synthetic DNA which, when sequenced, produced dataset, which in turn allowed them to pwn the computer doing the processing. Admittedly it was due to a bug they inserted into software themselves - so more like a backdoor, to which actual strand of DNA was a key.
"They created synthetic DNA which, when sequenced, produced dataset"
Which is an unnecessarily long winded way to produce a dataset.
"Admittedly it was due to a bug they inserted into software themselves "
True, and they stated as much in the report.
However they also stated they had done a source code analysis that showed the program did use the same sort of unsafe coding practices.
Rather than release a sequence that could crash an unmod'd copy of the program they created a deliberately compromised version that could be crashed by their sequence.
Which demonstrates this can really happen but not exactly how to do it.
I guess that's "responsible disclosure" in this field
"unnoticed in many-a-lab"
many-a-lab? What you mean is many a lab. many-a-lab is a prepositional adjective, what you need there is a postpositional descriptive phrase. Guardian journalist infestation again?
ACTGTCATGCTG'); DROP TABLE dna_sequenced;--
Is that you Bobby?
RE: Is that you Bobby?
Is one very bad boy.
From their FAQ: "Many of these are written in languages like C and C++ that are known to contain security vulnerabilities unless programs are carefully written. In this case the programs did not follow computer security best practices. For example, most had little input sanitization and used insecure functions. Others had static buffers that could overflow."
So what's new? If you don't code in COBOL, your code is going to be insecure. Coding in C / C++ reminds me of a builder who put a house together, then was astonished that his customer wanted DOORS in every doorway. He was absolutely astounded that even more than that, the customer wanted LOCKS in every door! What's with that? he wondered. The building works just fine without them!! 'Nuff said.
I met several types of DNA...
... who could create havoc in any system they touched not because of their skills, but plain ignorance and arrogance. The worst part, they've been able to reproduce, also.
Storage admins - abandon all hope
But is it possible that natural human DNA could also accidentally take down a biological research computer system someday?
I've been told that a PromethION sequencer will output 500MB/s*, so that'd probably take down many networks and storage systems.
*yes that capitalisation is correct
Re: Storage admins - abandon all hope
When sequencing gets that quick and easy, there comes a point where the intermediate files (like FASTQ or even BAM) get labelled purely as temporary / transitional, with the final output (one of the variant call formats) being the only thing to store.
We're not there yet, but it won't be too long before it's cheaper to resequence than it is to store.
Old Dr Who story.
"The Wolves of Fenric"
Mad Cold War plan to encourage Russians to steal British crypto machine without anyone knowing it's gone. Machine is too large and complex to take apart without breaking so they will not discover the poison gas canister hidden inside to be triggered on receipt of a hard coded message.
But things are not quite that simple.