A security flaw could allow hackers to trick lab scientists into creating viruses



[ad_1]

Cybersecurity researchers at Ben-Gurion University of the Negev recently uncovered a cyberattack that could allow hackers to remotely trick laboratory scientists to create toxins and viruses.

The set up: Medical professionals use synthetic DNA for a variety of reasons, including the development of immunogens for creating vaccines. Ben-Gurion researchers developed and tested an end-to-end attack that modifies data on a bioengineer’s computer in order to replace short DNA substrings with malicious code.

If terrorists wanted to spread a virus or toxin by hijacking a reputable laboratory or hiding it inside a vaccine or other medical treatment, they would traditionally need physical access to the laboratory or part of its supply chain. According to this article published last week in Nature Biotechnology, this is no longer the case.

Researchers say a simple Trojan horse and a bit of hidden code could turn medicine into malice and the engineers who create the tainted products would no longer be wise:

A cyber attack involving synthetic DNA orders could lead to the synthesis of nucleic acids that encode parts of pathogenic organisms or harmful proteins and toxins… This threat is real. We conducted a proof of concept: A clouded DNA encoding a toxic peptide was not detected by the software implementing the screening guidelines. The respective order has been moved to production.

The researchers describe a scenario in which a bad actor uses a Trojan horse to infect a researcher’s computer. When that researcher goes to order synthetic DNA, the malware blurs the order so that it looks legitimate for the security software the DNA store uses to check it. In reality, the blurred DNA substrings are harmful.

The DNA shop executes the order (unknowingly sending the dangerous DNA to the researcher) and the researcher security software fails to discover the obfuscated substrings, so the researcher remains in the dark.

The researchers were able to use their technique to successfully bypass security for 16 of the 50 orders they tested it on.

Credit: Nature

What does it mean: We are at a dangerous midpoint where AI is not yet advanced enough to detect these types of adapted envelope attacks and humans simply cannot pay enough attention on a large scale.

DNA replication services synthesize DNA in such large numbers that it would be impossible for humans to control every sequence. We rely on automation and artificial intelligence to make sure everything is as it should be, but when anomalies arise the machines turn to humans to make the call. In this case, humans would likely not be able to see through the smoke screen either.

To address the problem, the researchers suggest that a suite of cybersecurity measures they advocate should be immediately deployed across the biotech community. You can read the document here.

Posted on November 30, 2020 at 20:14 UTC



[ad_2]
Source link