Prompt: The article “Malicious code written into DNA infects the computer that reads it” describes a “world first” where researchers successfully infected a computer using a malicious program encoded into a physical strand of DNA. While the researchers acknowledge that this specific attack vector is currently difficult to execute, they emphasize that it serves as a symbolic milestone for the overlap between the digital and biological worlds.

Task: Write a 250-word response addressing the following:

  • Identify the specific security vulnerabilities in DNA analysis software that the researchers discovered.
  • Explain the “isolation” strategies (such as VMs or containers) recommended by the researchers to mitigate the damage of potential biological-to-digital exploits.
  • Discuss the ethical and security implications of treating biological data as “untrusted input.” As we move toward a future where DNA is increasingly digitized, how should organizations balance scientific advancement with these emerging biocybersecurity risks?

1. The researchers discovered that in the DNA analysis software, there is a way to overflow the system. The DNA sequences (A’s, T’s, G’s, and C’s) are converted into binary code by the system to look for patterns. However, due to the outdated systems, they don’t have functionality to check for memory overflow. Someone could configure a sequence to make the system have a data overflow when reading the DNA.

2. One of the strategies mentioned was to have the systems checking the sequences run through VMs. This way, if anything were to happen, the main system wouldn’t be impacted. They also suggest that the systems are isolated from the publicly available cloud services that they are hosted on. 

3. Treating biological data as untrusted input would change the way security is for testing. A lot of hospitals would have to undergo various levels of training, and this would be very expensive. On top of that, there is a major ethical issue with treating biological data as untrusted input. This could be taken advantage of and used as a reason for discrimination. Hospitals can deny people who don’t undergo specific testing, and that testing has the possibility of being expensive. This can also lead to different levels of accessible medical care. There is already a class-level gap in medical care in the United States, and having the possibility of treating bio data as untrustworthy can make that gap bigger than it already is. Overall, this can be something that can snowball into a big ethical issue. Not to mention the idea that someone could have malicious code put into their DNA without their consent.
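The missing memory check described in point 1, sketched as an added example that is not part of the original response or the researchers' software: a packer that converts bases to 2-bit codes and refuses any read that would not fit its fixed buffer. The 2-bit encoding, the 64-byte capacity and the names `pack_read` and `PACKED_CAP` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed buffer: 64 bytes hold 256 bases at 2 bits per base. */
#define PACKED_CAP 64

/* Map one base to its 2-bit code; -1 for anything that is not A/C/G/T. */
static int base_code(char b) {
    switch (b) {
    case 'A': return 0;
    case 'C': return 1;
    case 'G': return 2;
    case 'T': return 3;
    default:  return -1;
    }
}

/*
 * Pack a read into out[0..out_cap). Returns the number of bases packed,
 * -1 if the read does not fit, -2 on a character outside A/C/G/T.
 * The size check happens before any write: the sequence file is treated
 * as untrusted input, so its length is never assumed to match the buffer.
 */
long pack_read(const char *read, size_t read_len, uint8_t *out, size_t out_cap) {
    size_t needed = read_len / 4 + (read_len % 4 != 0);
    if (needed > out_cap)
        return -1;                      /* reject instead of writing past out */
    memset(out, 0, out_cap);
    for (size_t i = 0; i < read_len; i++) {
        int code = base_code(read[i]);
        if (code < 0)
            return -2;
        out[i / 4] |= (uint8_t)(code << (2 * (i % 4)));
    }
    return (long)read_len;
}

/* Constructed sample: a 300-base read against the 64-byte buffer. */
int oversized_read_rejected(void) {
    char read[300];
    uint8_t packed[PACKED_CAP];
    memset(read, 'A', sizeof read);
    return pack_read(read, sizeof read, packed, sizeof packed) == -1;
}

int main(void) {
    return oversized_read_rejected() ? 0 : 1;
}
```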