DNA virus infects computer that reads it

Charmonium · Aug 15, 2017

This is pretty bizarre.

Computers run on a binary stream of electrical impulses that alternates between OFF and ON: 0 and 1. As a consequence, executable code has to go through the binary state on some level. Reading the DNA sequence got the malicious code into the computer that was doing the read, and from there it took advantage of a buffer overflow and got loose in the system to grab for privileges.

“The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is done in a fixed-size buffer that assumes a reasonable maximum read length,” explained co-author Karl Koscher in an email exchange with TechCrunch.

“The exploit was 176 bases long,” Koscher wrote. “The compression program translates each base into two bits, which are packed together, resulting in a 44 byte exploit when translated.”

“Most of these bytes are used to encode an ASCII shell command,” he continued. “Four bytes are used to make the conversion function return to the system() function in the C standard library, which executes shell commands, and four more bytes were used to tell system() where the command is in memory.”

In other words: feed this strand of DNA into a compiler and it’s Hello World in 176 nucleobases. Three lines of math, indeed.

https://www.extremetech.com/interne...rite-malicious-code-dna-infect-computer-reads

zinfamous · Aug 15, 2017

damn that is so meta.

BarkingGhostar · Aug 15, 2017

I read this the other day and thought about how Mr.s Smith categorized humans. So true.

Ichinisan · Aug 15, 2017

Reminds me of something.

Back in the '90s, Nintendo 64 game ROM dumps distributed on the Internet were meant to be played on real hardware using something like a Bung Dr. V64 device. The "Project Unreality" emulator ran a couple simple "hello world" homebrew demos, but could not run any retail games.

The groups that dump and release games to the Internet would usually modify the ROMs a bit. They would add an intro with their group name, member names, shout-outs to other release groups, etc. SNES ROMs went through similar tampering. Sometimes the release included a "trainer" intro that added cheat options or actually bypassed copy protection. The release group would brag about their accomplishments or being first to "release" a dump for a particular title. You'd see all this when you tried to run the game ROM on your N64.

Someone made a PC executable tool that would identify intros from particular release groups and remove it from the ROM file, typically producing a file that is a 100% original ROM dump. One of the release groups didn't like seeing their credit / recognition stripped from releases. A future release from that group would trigger a buffer overflow vulnerability in the intro removal tool, which then did some virus-like stuff to the computer that tried to run it.

So a file containing executable N64 code would also infect an x86 PC when someone tries to remove the intro.

JoeBleed · Aug 15, 2017

I suppose this is cool, but to do this, they introduced the vulnerability into the software themselves. to what extent?

ImpulsE69 · Aug 15, 2017

I probably don't completely understand this....but...is there a potential to reverse this scenario? Or not likely since we don't suffer from buffer overflows?

dave_the_nerd · Aug 15, 2017

This was an episode of Bones. I'm going to say the same thing now that I said then.

Data is inert until you tell a computer to execute it. You could have "hello world" embedded in your JPEGs, but as long as you're running it like a JPEG and not like a .exe, it's not going to do you any harm.

This is a problem with the software they are using to read DNA sequences. Fix the bug (which shouldn't exist) and you're done. Properly sandbox the program and it wouldn't even be an issue.

dave_the_nerd · Aug 15, 2017

ImpulsE69 said:
I probably don't completely understand this....but...is there a potential to reverse this scenario? Or not likely since we don't suffer from buffer overflows?

You're going to be assimilated. Sorry.

JoeBleed · Aug 15, 2017

dave_the_nerd said:
This is a problem with the software they are using to read DNA sequences. Fix the bug (which shouldn't exist) and you're done. Properly sandbox the program and it wouldn't even be an issue.

It's a bug they put in the software for this to happen. they created the virus and the bug to exploit. Basically like you said, it was a Bones episode and they wanted to make it happen i guess.

Elixer · Aug 15, 2017

dave_the_nerd said:
Data is inert until you tell a computer to execute it. You could have "hello world" embedded in your JPEGs, but as long as you're running it like a JPEG and not like a .exe, it's not going to do you any harm.

Unless there is an exploit in the viewer 😉
Not so long ago, you can use a browser to go to some infected site where all the pics had exploit code, and the browser had a flaw in the jpg parser...

I don't think this is that big of a deal, you can encode lots of stuff in basically anything, and if the right program tries to read it, and there is a exploit for that program, that it would be simple to attack people that way.

mikeymikec · Aug 16, 2017

dave_the_nerd said:
This was an episode of Bones. I'm going to say the same thing now that I said then.

Data is inert until you tell a computer to execute it. You could have "hello world" embedded in your JPEGs, but as long as you're running it like a JPEG and not like a .exe, it's not going to do you any harm.

This is a problem with the software they are using to read DNA sequences. Fix the bug (which shouldn't exist) and you're done. Properly sandbox the program and it wouldn't even be an issue.

+1

Life would certainly be interesting if PCs spent their time automatically attempting to execute every bit of data they receive...

Murloc · Aug 16, 2017

interesting but not a big deal, I mean you just shouldn't execute random stuff as code. The fact that it comes from DNA or anything else is arbitrary.

Still, if you know a software exploit, you could engineer a GMO bacteria to infect the lab computer. Pretty expensive.

Charmonium · Aug 16, 2017

This is preparation for when the robots take over. We'll hack them with malicious code from our DNA. 😉

Atom_101 · Aug 21, 2017

ImpulsE69 said:
I probably don't completely understand this....but...is there a potential to reverse this scenario? Or not likely since we don't suffer from buffer overflows?

If you mean, using computers to create human viruses then definitely the scenario can be reversed.

Read up on Microsoft's project Azimuth

https://blogs.microsoft.com/ai/2016...puter-science-tools-in-new-system-for-crispr/

mikeymikec · Aug 21, 2017

Charmonium said:
This is preparation for when the robots take over. We'll hack them with malicious code from our DNA. 😉

"Hah! I got that one right in the eye!"

Kaido · Aug 22, 2017

dave_the_nerd said:
This was an episode of Bones. I'm going to say the same thing now that I said then.

Data is inert until you tell a computer to execute it. You could have "hello world" embedded in your JPEGs, but as long as you're running it like a JPEG and not like a .exe, it's not going to do you any harm.

This is a problem with the software they are using to read DNA sequences. Fix the bug (which shouldn't exist) and you're done. Properly sandbox the program and it wouldn't even be an issue.

Kaido · Aug 22, 2017

Replacement screens can be used to hijack your phone:

https://www.engadget.com/2017/08/20/study-smartphone-parts-attack/

MtnMan · Aug 22, 2017

False

DNA virus infects computer that reads it

Charmonium

Lifer

zinfamous

No Lifer

BarkingGhostar

Diamond Member

Ichinisan

Lifer

JoeBleed

Golden Member

ImpulsE69

Lifer

dave_the_nerd

Lifer

dave_the_nerd

Lifer

JoeBleed

Golden Member

Elixer

Lifer

mikeymikec

Lifer

Murloc

Diamond Member

Charmonium

Lifer

Atom_101

Junior Member

mikeymikec

Lifer

Kaido

Elite Member & Kitchen Overlord

Kaido

Elite Member & Kitchen Overlord

MtnMan

Diamond Member

TRENDING THREADS