DNA virus infects computer that reads it

Toggle sidebar Toggle sidebar
Charmonium

Charmonium

Lifer
May 15, 2015
10,555
3,546
136
This is pretty bizarre.

Computers run on a binary stream of electrical impulses that alternates between OFF and ON: 0 and 1. As a consequence, executable code has to go through the binary state on some level. Reading the DNA sequence got the malicious code into the computer that was doing the read, and from there it took advantage of a buffer overflow and got loose in the system to grab for privileges.

“The conversion from ASCII As, Ts, Gs, and Cs into a stream of bits is done in a fixed-size buffer that assumes a reasonable maximum read length,” explained co-author Karl Koscher in an email exchange with TechCrunch.

“The exploit was 176 bases long,” Koscher wrote. “The compression program translates each base into two bits, which are packed together, resulting in a 44 byte exploit when translated.”

“Most of these bytes are used to encode an ASCII shell command,” he continued. “Four bytes are used to make the conversion function return to the system() function in the C standard library, which executes shell commands, and four more bytes were used to tell system() where the command is in memory.”

In other words: feed this strand of DNA into a compiler and it’s Hello World in 176 nucleobases. Three lines of math, indeed.
Click to expand...
https://www.extremetech.com/interne...rite-malicious-code-dna-infect-computer-reads
 
Ichinisan

Ichinisan

Lifer
Oct 9, 2002
28,298
1,235
136
Reminds me of something.

Back in the '90s, Nintendo 64 game ROM dumps distributed on the Internet were meant to be played on real hardware using something like a Bung Dr. V64 device. The "Project Unreality" emulator ran a couple simple "hello world" homebrew demos, but could not run any retail games.

The groups that dump and release games to the Internet would usually modify the ROMs a bit. They would add an intro with their group name, member names, shout-outs to other release groups, etc. SNES ROMs went through similar tampering. Sometimes the release included a "trainer" intro that added cheat options or actually bypassed copy protection. The release group would brag about their accomplishments or being first to "release" a dump for a particular title. You'd see all this when you tried to run the game ROM on your N64.

Someone made a PC executable tool that would identify intros from particular release groups and remove it from the ROM file, typically producing a file that is a 100% original ROM dump. One of the release groups didn't like seeing their credit / recognition stripped from releases. A future release from that group would trigger a buffer overflow vulnerability in the intro removal tool, which then did some virus-like stuff to the computer that tried to run it.

So a file containing executable N64 code would also infect an x86 PC when someone tries to remove the intro.
 
Last edited:
  • Like
Reactions: Charmonium and tommo123
JoeBleed

JoeBleed

Golden Member
Jun 27, 2000
1,408
30
91
I suppose this is cool, but to do this, they introduced the vulnerability into the software themselves. to what extent?
 
ImpulsE69

ImpulsE69

Lifer
Jan 8, 2010
14,946
1,077
126
I probably don't completely understand this....but...is there a potential to reverse this scenario? Or not likely since we don't suffer from buffer overflows?
 
  • Like
Reactions: dave_the_nerd
dave_the_nerd

dave_the_nerd

Lifer
Feb 25, 2011
16,994
1,622
126
This was an episode of Bones. I'm going to say the same thing now that I said then.

Data is inert until you tell a computer to execute it. You could have "hello world" embedded in your JPEGs, but as long as you're running it like a JPEG and not like a .exe, it's not going to do you any harm.

This is a problem with the software they are using to read DNA sequences. Fix the bug (which shouldn't exist) and you're done. Properly sandbox the program and it wouldn't even be an issue.
 
  • Like
Reactions: Ken g6
JoeBleed

JoeBleed

Golden Member
Jun 27, 2000
1,408
30
91
dave_the_nerd said:
This is a problem with the software they are using to read DNA sequences. Fix the bug (which shouldn't exist) and you're done. Properly sandbox the program and it wouldn't even be an issue.
Click to expand...

It's a bug they put in the software for this to happen. they created the virus and the bug to exploit. Basically like you said, it was a Bones episode and they wanted to make it happen i guess.
 
Elixer

Elixer

Lifer
May 7, 2002
10,371
762
126
dave_the_nerd said:
Data is inert until you tell a computer to execute it. You could have "hello world" embedded in your JPEGs, but as long as you're running it like a JPEG and not like a .exe, it's not going to do you any harm.
Click to expand...
Unless there is an exploit in the viewer ;)
Not so long ago, you can use a browser to go to some infected site where all the pics had exploit code, and the browser had a flaw in the jpg parser...

I don't think this is that big of a deal, you can encode lots of stuff in basically anything, and if the right program tries to read it, and there is a exploit for that program, that it would be simple to attack people that way.
 
  • Like
Reactions: Mike64
mikeymikec

mikeymikec

Lifer
May 19, 2011
21,067
16,301
136
dave_the_nerd said:
This was an episode of Bones. I'm going to say the same thing now that I said then.

Data is inert until you tell a computer to execute it. You could have "hello world" embedded in your JPEGs, but as long as you're running it like a JPEG and not like a .exe, it's not going to do you any harm.

This is a problem with the software they are using to read DNA sequences. Fix the bug (which shouldn't exist) and you're done. Properly sandbox the program and it wouldn't even be an issue.
Click to expand...

+1

Life would certainly be interesting if PCs spent their time automatically attempting to execute every bit of data they receive...
 
  • Like
Reactions: Mike64
Murloc

Murloc

Diamond Member
Jun 24, 2008
5,382
65
91
interesting but not a big deal, I mean you just shouldn't execute random stuff as code. The fact that it comes from DNA or anything else is arbitrary.

Still, if you know a software exploit, you could engineer a GMO bacteria to infect the lab computer. Pretty expensive.
 
Charmonium

Charmonium

Lifer
May 15, 2015
10,555
3,546
136
This is preparation for when the robots take over. We'll hack them with malicious code from our DNA. ;)
 
Kaido

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
51,691
7,291
136
dave_the_nerd said:
This was an episode of Bones. I'm going to say the same thing now that I said then.

Data is inert until you tell a computer to execute it. You could have "hello world" embedded in your JPEGs, but as long as you're running it like a JPEG and not like a .exe, it's not going to do you any harm.

This is a problem with the software they are using to read DNA sequences. Fix the bug (which shouldn't exist) and you're done. Properly sandbox the program and it wouldn't even be an issue.
Click to expand...

exploits_of_a_mom.png
 
  • Like
Reactions: Charmonium and Mike64
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom