When DNA Becomes Code: Hacking Genetics in the Digital Age
- Research Staff
- Apr 11
- 4 min read
Updated: Apr 12
This article explores how DNA can be hacked to compromise digital systems. It highlights the risks to crime scenes, healthcare, and data security while raising critical questions about biosecurity in a digital age.
By Hemvardhan Bollamereddy
Imagine a world where genetic code can be hacked like a computer. While it seems like a ploy straight from the script of science fiction, in 2017, a group of researchers at the University of Washington made this idea a reality. Led by Tadayoshi Kohno, a professor in Computer Science and Engineering, a research team from the University of Washington revealed for the first time a method to encode malware into physical strands of DNA in 2017. This is exactly why I am interested in the advent of such futuristic technologies and procedures. Thus, this article explores their feats and questions the reality of our future and the impact such practices can have.
The Foundations of a New Digital Threat
Currently, DNA sequencers convert biological information into digital data in three steps:
Chemical Translation - Laboratories bind special dyes to the DNA sample to make its bases glow. For example, A could be green, T could be red and so on.
Optical Scanning: Cameras then capture these colors by shining light through them and taking many pictures.
Binary Conversion: Computers then compile the images and translate the color sequences into binary 0s and 1s to be stored on the computer.
The third step is precisely where the University of Washington’s team saw an oversight. By carefully creating DNA sequences, they triggered a buffer-overflow effect when too much data overwhelms a program, letting the remaining data run malicious commands. An example of this to show you how it works would be trying to stuff a 10-pound book into a backpack that can only carry 5 pounds. The excess part of the book will stick out. Such a digital excess allows for hidden malware to be executed. When a sequencing machine read their artificial malware encoded DNA, the infected computer contacted a UW server, giving them full remote access.
Real World Implications
DNA evidence is used in countless felony convictions. This means that malicious DNA could completely contaminate crime scenes with synthetic DNA or generate false matches in databases. These possibilities mean that DNA encoded malware can easily push the blame on an innocent citizen, which would result in the real criminal getting away. Now, I do not have to explain how bad that would be.
Additionally, DNA is used often in healthcare, leaving many possibilities for this kind of technology. For instance, many private patient data could be breached, posing a serious problem. Test results could also be altered, which could have consequences that include being prescribed wrong treatments or having to undergo risky procedures for no reason. Incorrect results can also cause stress and take a mental toll on patients. For example, how would you feel if you were told one day that you have Stage 4 liver cancer, only for the test to be a fluke?
In the research setting, DNA hacking could skew clinical trial results. This means that institutions may cause more harm than good as they believe they may have found a breakthrough for any health problem. In the world of pharmaceutical technologies, this is a problem as it could lead to medicine that harms people being produced and dispersed on a large scale.
As DNA synthesis costs continue to decrease, it becomes significantly easier for potential attackers to use this exploit. While the ongoing growth of the genetics and bioinformatics fields is a good thing, it leads to more and more places being equipped with backdoors that can completely crash the industry.
Reason to cause panic?
It should be noted that this was simply a proof of concept and will be extremely unlikely to happen in a real situation. The research team explained that the attack was only fully translated about 37.4% of the time as the way the sequencer split up the DNA was based entirely on luck. Note that this was also the case with the researchers creating an extremely unrealistic situation by disabling certain security features, showing clearly that such an attack is far off the horizon in the real world.
“Their exploit is basically unrealistic" - Yaniv Erlich, geneticist and programmer, chief scientific officer of MyHeritage.com.
Additionally, detection systems are rapidly improving to match the pace of these exploits. In fact, the Waterford Institute of Technology is using deep learning to identify malware-encoded DNA with great success. The Global Alliance for Genomics & Health has also updated its security standards in light of such exploits. This shows that such exploits will be picked up and stopped.
Conclusion
"One of the big things we try to do in the computer security community is to avoid a situation where we say, 'Oh shoot, adversaries are here and knocking on our door and we're not prepared,'" - Tadayoshi Kohno.
Kohno explains that the experiment was not to be treated as a real-world exploit but instead as a proof-of-concept to show vulnerabilities in DNA sequencing systems. The goal was to serve as a wake-up call within the scientific and cybersecurity communities to prepare future generations to fight such exploits. His team’s findings revealed that many DNA sequencing
tools lacked robust security protocols, likely because they assumed these systems would never face attacks when their developers made them. The solution would be to urge organizations that work with DNA to adopt modern cybersecurity practices like software updates, secure coding regulations, and threat detection systems like the one from WIT.
FAQ
Can malware alter actual human DNA?
No – it targets software, not biological systems. Think about corrupting a DNA analysis PDF, not someone's genes.
How much DNA is needed for an attack?
The UW experiment used 4,091 base pairs – about 0.000001% of a human genome.
Can my home DNA test kit be hacked?
Extremely unlikely. Current risks focus on research labs and industrial systems.
Sources
Greenberg, A. (2017, August 10). Biohackers Encoded Malware in a Strand of DNA. Wired; WIRED. https://www.wired.com/story/malware-dna-hack/
Regalado, A. (2017, August 10). Scientists Hack a Computer Using DNA. MIT Technology Review.
Chu, L., Su, Y., Yao, X., Xu, P., & Liu, W. (2024). A Review of DNA Cryptography. Intelligent Computing. https://doi.org/10.34133/icomputing.0106
Islam, M. S. 1, Ivanov, S. 1, Awan, H. 2, Drohan, J. 3, Balasubramaniam, S. 4, Coffey, L. 5, Kidambi, S. 6, Sri-saan, W. 4 1 S. E. T. U., Molecular Biotechnology Research Centre, W., Molecular Biotechnology Research Centre, W., & Biomolecular Engineering, L. (2022). Using deep learning to detect digitally encoded DNA trigger for Trojan malware in Bio-Cyber attacks. ProQuest. https://doi.org/10.1038/s41598-022-13700-5
Ney, P., Koscher, K., Organick, L., Ceze, L., & Kohno, T. (n.d.). Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More. https://dnasec.cs.washington.edu/dna-sequencing-security/dnasec.pdf
About Hemvardhan Bollamereddy
I'm a highly motivated high school student at Cypress Bay with a strong passion for engineering and software development. Despite my age, I bring extensive technical skills and hands-on experience, and I'm eager to contribute to meaningful projects while gaining industry exposure. I aim to pursue dual engineering and computer science studies, as I find both fields deeply satisfying. I'm committed to creating impactful solutions and am enthusiastic about learning from industry professionals.
