1300 482 638
NEWSLETTER
SUBSCRIBE TO OUR NEWSLETTER. GET IT&T LATEST NEWS.
Events
CATEGORIES

Security flaw could allow hackers to trick lab scientists into making viruses

February 6, 2021

HEA_Security_flaw_could_allow_hackers_to_trick_lab_scientists_LP

Cybersecurity researchers recently discovered a computer attack that could allow hackers to remotely trick laboratory scientists into creating toxins and viruses.

The setup: Medical professionals use synthetic DNA for a variety of reasons, including the development of immunogens for creating vaccines. The researchers developed and tested an end-to-end attack that changes data on a bioengineer’s computer in order to replace short DNA sub-strings with malicious code.

If terrorists wanted to spread a virus or toxin by hijacking a reputable lab or hiding it inside of a vaccine or other medical treatment, they’d traditionally need physical access to the laboratory or part of its supply chain. According to this paper published last week in Nature Biotechnology, that’s no longer the case.

The researchers claim that a simple trojan horse and a bit of hidden code could turn medicine into malice and the engineers creating the tainted goods would be none the wiser:

A cyberattack intervening with synthetic DNA orders could lead to the synthesis of nucleic acids encoding parts of pathogenic organisms or harmful proteins and toxin…This threat is real. We conducted a proof of concept: An obfuscated DNA encoding a toxic peptide was not detected by software implementing the screening guidelines. The respective order was moved to production.

The researchers describe a scenario wherein a bad guy uses a Trojan horse to infect a researcher’s computer. When that researcher goes to order synthetic DNA, the malware obfuscates the order so that it looks legit to the security software the DNA shop uses to check it. In reality, the obfuscated DNA sub-strings are harmful.

The DNA shop fills the order (unknowingly sending the researcher the dangerous DNA) and the researcher’s security software fails to uncover the obfuscated sub-strings so the researcher remains clueless.

The researchers managed to use their technique to successfully bypass security for 16 out of the 50 orders they tried it on.

What this means: We’re in a dangerous in-between place where AI isn’t advanced enough yet to detect these kinds of adapted envelope attacks, and humans simply can’t pay enough attention at scale.

DNA replication services synthesise DNA in numbers so great it would be impossible for humans to check each sequence. We rely on automation and AI to make sure everything is as it should be, but when anomalies show up the machines turn to humans to make the call. In this case, humans likely wouldn’t be able to see through the smokescreen either.

To address the issue, the researchers suggest a suite of cybersecurity measures they claim should be immediately implemented across the biotechnology community. You can read the entire paper here.

Related Posts
Aruba Instant On
Aruba Instant On brings first-class quality to SMB and enterprise
Storage Management
The (r)Evolution of Storage Management
Microsoft office 365 business
Office 365 Business Pricing and Support Plans
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Scroll to Top

Taking Time to Celebrate

– IT&T’s Festive Closure

We’ll be taking a festive break from Monday, 23rd December 2024, and will return refreshed and ready to assist you on Monday, 6th January 2025.


Our team wishes you a joyful Christmas and a bright New Year! Emergency support will still be available—please reach out if needed.