Holy crap. Malware hidden in a strand of DNA hijacks the computer that analyzes that particular gene sequence.
We're going to live in a very weird world man.
@LoganDice "and I hope YOU'VE learned to sanitize your inputs!"
@LoganDice #Wired, indeed. 🤔 😶
But the real Question should be, WHAT is out there that we DO NOT KNOW right now? 
@LoganDice Are we sure this is not the plot of a CSI episode?
No?
Like.... what is happening here, is it a strange buffer overflow or something?
@LoganDice Like this has to be a flaw in the software
@LoganDice Yep, buffer overflow
Yeah this doesn't seem so interesting
@LoganDice
😂I want to see a hack thru face recognition. It would be hilarious if somebody crashes the airport with his face.
@LoganDice just to add, there are poisons that are made by combining to benign substances. Maybe somebody can make a computer viruse that works the same way using somebody's face as an ingredient.
@LoganDice fortunately, it looks similar enough to a standard buffer over-run attack, so should be relatively simple to prevent, now that the exploit is known.
However, thinking of it in the first place is genius!
@LoganDice well thats not fucking terrifying at all
@LoganDice DNA FS when
@LoganDice this has white-collar gov't espionage written all over it, holy shit
@LoganDice malwetware
@LoganDice this work was done by my colleagues! i'm so proud of them :3
@morae @LoganDice callie you and your colleagues do some sci-fi shit
@KitRedgrave @LoganDice ayup
my most recent work has been implementing reverse image search using nothing but DNA molecules
@morae @LoganDice maybe in 30 years that'll be how we do it? :3c
@KitRedgrave @LoganDice yeah, current devices are unable to keep up with increasing demand for cat-video storage, and DNA is a strong contender for a storage system of the future.
@morae @LoganDice we *demand* more cats, goshdarnit! every dollar we taxpayers give you to research this is a dollar well spent!!!
@pea @LoganDice @KitRedgrave it's a fuckin trip to work on it for a living.
@morae @KitRedgrave @LoganDice Plus, I understand DNA can be used to store more cats?
@LoganDice Reminds me of Ghost in the Shell.
@LoganDice The researchers on this project modified the source code of the program they were actually attacking though. Yes they did find some vulnerabilities in other DNA sequencing software, but when you read the full details this doesn't sound that scary.
@LoganDice sounds like really fucking shitty gene sequencer software
@LoganDice
gunna engineer my dna to make the analyzer play my favorite soundcloud rappers
@LoganDice @XavCC Voilà, LÀ tu vas commencer à intéresser du monde au hackerspace :P
#LaFolieDesGenes ...
@LoganDice That's from a year ago. I wonder how it's advanced sine then.
@LoganDice considering the state of auto-correct, humans are really ready to scr*w the p00ch
@LoganDice In a way, it's logical, from the analyzing program's point of view, the DNA only ever is input data, but still… wow.
@LoganDice Way closer to crispr attack wasps than I thought.
@LoganDice Repeat after me: NO USER INPUT IS SECURE.
@LoganDice Proof of concept might be a bit generous. Contrived hypothetical more like it.
@LoganDice This feels like "theoretically possible" is more likely. I mean why would a gene sequencer be executing gene code? And for that matter, why would a "generic" gene sequencer interpret a given strand of DNA as code, let alone a *specific* set of instructions. It sounds to me like a fantastic science fiction plotline, but not vaguely practical in the real world right now (when it is less likely that it's been considered by the manufactures). But then I don't know.
@JigmeDatse @LoganDice Presumably a buffer overflow exploit; that's the standard way to get inputs executed when no code is expected and there's no way of including an unescaped "this is the end of the input" in the input.
Maybe get a mysql engineer to audit that sequencer code?
@LoganDice AS A BIOLOGIST THIS IS BS CLICKBAIT, THX
@LoganDice The future, if we make it that far, is gonna be wild!
@LoganDice @amydentata omfg this is such great near future sci-fi fodder.
@LoganDice
This is the most cyberpunk thing I read this weekend..
@LoganDice That's just sensationalist nonsense. Obviously, even if the gene sequencers were developed by people stupid enough not to have anticipated this, it's a simple software/firmware update to make it impossible.
Essentially, they're simply describing the equivalent of adding a partially quoted SQL command to a form field to mess with a web server's database.
These days, all important web servers escape data in a way that makes this impossible.
@LoganDice how do you even manage to exec() literal nucleotide sequences
@LoganDice If that's an article based on the paper I remember reading eons ago: it's 20 levels of theoretical, and barely even qualified as a proof of concept…
@LoganDice imagine something like that targeting 23andMe and shopping genetic sequences for clients. They require you to use a "real" name when you use the service too...
@LoganDice ugh...shipping
@LoganDice this is the most cyberpunk shit EVER
@LoganDice whAT!!!! THIS IS BOTH TERRIFYING AND AMAZING
@LoganDice its kinda scary but im more worried about the people who come in through the front door than hackers in this case although a hacked sheep that says KEK instead of Baa is a horrifying prospect
@LoganDice DNA, RNA, and DRM.
@LoganDice Wow, that is crazy indeed. Smart though...
@LoganDice @tinker A bit less spooky after you find out the "DNA exploit" researchers had altered their software to create the buffer overflow vuln that was exploited by their trick DNA. (See grafs under "far-off threat" in the Wired piece.) Still very interesting...
