Could your DNA be used as a vector for attack on devices and networks? The short answer is yes, kind of. As the line blurs everyday between science fiction and reality the incidents of security breaches are becoming more complex and deep. At the Usenix Security Conference, a group of researchers from the University of Washington presented a paper to show how they wrote malware to specifically hijack industry standard gene-sequencing devices. This was accomplished by encoding the malware into a strand of DNA. One the gene sequencer device reads the DNA strand it becomes corrupted and can be controlled remotely by an attacker.
The success rate of the attack was not high but it was not low either, as the attack was successful 37% of the time. Additionally the researchers intentionally used a weakened version of sequencing software. However, the ability to use DNA as a vector for malware transmission was proven and certainly opens up the new vulnerabilities for organizations.
Potential Prevention Method: Log Monitoring
Given that gene-sequencing devices are on a network like any other device they will generate log data as well that can help in IT forensic analysis. Having a system in place to analyze log data across a network would be extremely helpful for detection and prevention of a data breach. This is where security information and event management (SIEM) solutions come in. SIEM is the is activity of tracking, collecting, and analysis of log data. SIEM software often identifies behavioral patterns, defines a “normal” or baseline for devices and users, and monitors for deviations from the baseline. SIEM software does not usually take action on findings, but provides very actionable data for security teams. However there may have to be some updates to accommodate for this new class of threat for proper detection.