Posts Tagged ‘Andy Greenberg’

by Andy Greenberg

WHEN BIOLOGISTS SYNTHESIZE DNA, they take pains not to create or spread a dangerous stretch of genetic code that could be used to create a toxin or, worse, an infectious disease. But one group of biohackers has demonstrated how DNA can carry a less expected threat—one designed to infect not humans nor animals but computers.

In new research they plan to present at the USENIX Security conference on Thursday, a group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer. While that attack is far from practical for any real spy or criminal, it’s one the researchers argue could become more likely over time, as DNA sequencing becomes more commonplace, powerful, and performed by third-party services on sensitive computer systems. And, perhaps more to the point for the cybersecurity community, it also represents an impressive, sci-fi feat of sheer hacker ingenuity.

“We know that if an adversary has control over the data a computer is processing, it can potentially take over that computer,” says Tadayoshi Kohno, the University of Washington computer science professor who led the project, comparing the technique to traditional hacker attacks that package malicious code in web pages or an email attachment. “That means when you’re looking at the security of computational biology systems, you’re not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they’re sequencing. It’s about considering a different class of threat.”

A Sci-Fi Hack
For now, that threat remains more of a plot point in a Michael Crichton novel than one that should concern computational biologists. But as genetic sequencing is increasingly handled by centralized services—often run by university labs that own the expensive gene sequencing equipment—that DNA-borne malware trick becomes ever so slightly more realistic. Especially given that the DNA samples come from outside sources, which may be difficult to properly vet.

If hackers did pull off the trick, the researchers say they could potentially gain access to valuable intellectual property, or possibly taint genetic analysis like criminal DNA testing. Companies could even potentially place malicious code in the DNA of genetically modified products, as a way to protect trade secrets, the researchers suggest. “There are a lot of interesting—or threatening may be a better word—applications of this coming in the future,” says Peter Ney, a researcher on the project.

Regardless of any practical reason for the research, however, the notion of building a computer attack—known as an “exploit”—with nothing but the information stored in a strand of DNA represented an epic hacker challenge for the University of Washington team. The researchers started by writing a well-known exploit called a “buffer overflow,” designed to fill the space in a computer’s memory meant for a certain piece of data and then spill out into another part of the memory to plant its own malicious commands.

But encoding that attack in actual DNA proved harder than they first imagined. DNA sequencers work by mixing DNA with chemicals that bind differently to DNA’s basic units of code—the chemical bases A, T, G, and C—and each emit a different color of light, captured in a photo of the DNA molecules. To speed up the processing, the images of millions of bases are split up into thousands of chunks and analyzed in parallel. So all the data that comprised their attack had to fit into just a few hundred of those bases, to increase the likelihood it would remain intact throughout the sequencer’s parallel processing.

When the researchers sent their carefully crafted attack to the DNA synthesis service Integrated DNA Technologies in the form of As, Ts, Gs, and Cs, they found that DNA has other physical restrictions too. For their DNA sample to remain stable, they had to maintain a certain ratio of Gs and Cs to As and Ts, because the natural stability of DNA depends on a regular proportion of A-T and G-C pairs. And while a buffer overflow often involves using the same strings of data repeatedly, doing so in this case caused the DNA strand to fold in on itself. All of that meant the group had to repeatedly rewrite their exploit code to find a form that could also survive as actual DNA, which the synthesis service would ultimately send them in a finger-sized plastic vial in the mail.

The result, finally, was a piece of attack software that could survive the translation from physical DNA to the digital format, known as FASTQ, that’s used to store the DNA sequence. And when that FASTQ file is compressed with a common compression program known as fqzcomp—FASTQ files are often compressed because they can stretch to gigabytes of text—it hacks that compression software with its buffer overflow exploit, breaking out of the program and into the memory of the computer running the software to run its own arbitrary commands.

A Far-Off Threat
Even then, the attack was fully translated only about 37 percent of the time, since the sequencer’s parallel processing often cut it short or—another hazard of writing code in a physical object—the program decoded it backward. (A strand of DNA can be sequenced in either direction, but code is meant to be read in only one. The researchers suggest in their paper that future, improved versions of the attack might be crafted as a palindrome.)

Despite that tortuous, unreliable process, the researchers admit, they also had to take some serious shortcuts in their proof-of-concept that verge on cheating. Rather than exploit an existing vulnerability in the fqzcomp program, as real-world hackers do, they modified the program’s open-source code to insert their own flaw allowing the buffer overflow. But aside from writing that DNA attack code to exploit their artificially vulnerable version of fqzcomp, the researchers also performed a survey of common DNA sequencing software and found three actual buffer overflow vulnerabilities in common programs. “A lot of this software wasn’t written with security in mind,” Ney says. That shows, the researchers say, that a future hacker might be able to pull off the attack in a more realistic setting, particularly as more powerful gene sequencers start analyzing larger chunks of data that could better preserve an exploit’s code.

Needless to say, any possible DNA-based hacking is years away. Illumina, the leading maker of gene-sequencing equipment, said as much in a statement responding to the University of Washington paper. “This is interesting research about potential long-term risks. We agree with the premise of the study that this does not pose an imminent threat and is not a typical cyber security capability,” writes Jason Callahan, the company’s chief information security officer “We are vigilant and routinely evaluate the safeguards in place for our software and instruments. We welcome any studies that create a dialogue around a broad future framework and guidelines to ensure security and privacy in DNA synthesis, sequencing, and processing.”

But hacking aside, the use of DNA for handling computer information is slowly becoming a reality, says Seth Shipman, one member of a Harvard team that recently encoded a video in a DNA sample. (Shipman is married to WIRED senior writer Emily Dreyfuss.) That storage method, while mostly theoretical for now, could someday allow data to be kept for hundreds of years, thanks to DNA’s ability to maintain its structure far longer than magnetic encoding in flash memory or on a hard drive. And if DNA-based computer storage is coming, DNA-based computer attacks may not be so farfetched, he says.
“I read this paper with a smile on my face, because I think it’s clever,” Shipman says. “Is it something we should start screening for now? I doubt it.” But he adds that, with an age of DNA-based data possibly on the horizon, the ability to plant malicious code in DNA is more than a hacker parlor trick.

“Somewhere down the line, when more information is stored in DNA and it’s being input and sequenced constantly,” Shipman says, “we’ll be glad we started thinking about these things.”

https://www.wired.com/story/malware-dna-hack/?mbid=nl_81017_p1&CNDID=50678559

Advertisements


A mockup of Edward Snowden and Bunnie Huang’s iPhone modification, showing the SIM card slot through which their hardware add-on would access the phone’s antennae to monitor them for errant signals.

By Andy Greenberg

When Edward Snowden met with reporters in a Hong Kong hotel room to spill the NSA’s secrets, he famously asked them put their phones in the fridge to block any radio signals that might be used to silently activate the devices’ microphones or cameras. So it’s fitting that three years later, he’s returned to that smartphone radio surveillance problem. Now Snowden’s attempting to build a solution that’s far more compact than a hotel mini-bar.

On Thursday at the MIT Media Lab, Snowden and well-known hardware hacker Andrew “Bunnie” Huang plan to present designs for a case-like device that wires into your iPhone’s guts to monitor the electrical signals sent to its internal antennas. The aim of that add-on, Huang and Snowden say, is to offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed. Snowden and Huang are hoping to offer strong privacy guarantees to smartphone owners who need to shield their phones from government-funded adversaries with advanced hacking and surveillance capabilities—particularly reporters trying to carry their devices into hostile foreign countries without constantly revealing their locations.

“One good journalist in the right place at the right time can change history,” Snowden told the MIT Media Lab crowd via video stream. “This makes them a target, and increasingly tools of their trade are being used against them.”1

“They’re overseas, in Syria or Iraq, and those [governments] have exploits that cause their phones to do things they don’t expect them to do,” Huang elaborated to WIRED in an interview ahead of the MIT presentation. “You can think your phone’s radios are off, and not telling your location to anyone, but actually still be at risk.”

Huang’s and Snowden’s solution to that radio-snitching problem is to build a modification for the iPhone 6 that they describe as an “introspection engine.” Their add-on would appear to be little more than an external battery case with a small mono-color screen. But it would function as a kind of miniature, form-fitting oscilloscope: Tiny probe wires from that external device would snake into the iPhone’s innards through its SIM-card slot to attach to test points on the phone’s circuit board. (The SIM card itself would be moved to the case to offer that entry point.) Those wires would read the electrical signals to the two antennas in the phone that are used by its radios, including GPS, Bluetooth, Wi-Fi and cellular modem. And by identifying the signals that transmit those different forms of radio information, the modified phone would warn you with alert messages or an audible alarm if its radios transmit anything when they’re meant to be off. Huang says it could possibly even flip a “kill switch” to turn off the phone automatically.

“Our approach is: state-level adversaries are powerful, assume the phone is compromised,” Huang says. “Let’s look at hardware-related signals that are extremely difficult to fake. We want to give a you-bet-your-life assurance that the phone actually has its radios off when it says it does.”1

You might think you can achieve the same effect by simply turning your iPhone off with its power button, or placing it in a Faraday bag designed to block all radio signals. But Faraday bags can still leak radio information, Huang says, and clever malware can make an iPhone appear to be switched off when it’s not, as Snowden warned in an NBC interview in 2014. Regardless, Huang says their intention was to allow reporters to reliably disable a phone’s radio signals while still using the device’s other functions, like taking notes and photographs or recording audio and video.

Snowden, who performed the work in his capacity as a director of the Freedom of the Press Foundation, adds that their goal isn’t merely just protection for journalists. It’s also detection of otherwise stealthy attacks on phones, the better to expose governments’ use of hidden smartphone surveillance techniques. “You need to be able to increase the costs of getting caught,” Snowden said in a video call with WIRED following the presentation. “All we have to do is get one or two or three big cases where we catch someone red-handed, and suddenly the targeting policies at these intelligence agencies will start to change.”2

The problem, for Snowden, is personal. He tells WIRED he hasn’t carried a smartphone since he first began leaking NSA documents, for fear that its cellular signals could be used to locate him. (He notes that he still hasn’t “seen any indication” that the U.S. government has been able to determine his exact location in Russia.) “Since 2013, I haven’t been able to have a smartphone like normal people,” he says. “Wireless devices are kind of like kryptonite to me.”

Huang and Snowden’s iPhone modification, for now, is little more than a design. The pair has tested their method of picking up the electrical signals sent to an iPhone 6’s antennae to verify that they can spot its different radio messages. But they have yet to even build a prototype, not to mention a product. But on Thursday they released a detailed paper explaining their technique. They say they hope to develop a prototype over the next year and eventually create a supply chain in China of modified iPhones to offer journalists and newsrooms. To head off any potential mistrust of their Chinese manufacturers, Huang says the device’s code and hardware design will be fully open-source.

Huang, who lives in Singapore but travels monthly to meet with hardware manufacturers in Shenzhen, says that the skills to create and install their hardware add-on are commonplace in mainland China’s thriving iPhone repair and modification markets. “This is definitely something where, if you’re the New York Times and you want to have a pool of four or five of these iPhones and you have a few hundred extra dollars to spent on them, we could do that.” says Huang. “The average [DIY enthusiast] in America would think this is pretty fucking crazy. The average guy who does iPhone modifications in China would see this and think it’s not a problem.”
The two collaborators have never met face-to-face. Snowden says he first met Huang after recommending him to television producers at Vice, who were looking for hardware hacking experts. “He’s one of the hardware researchers I respect the most in the world,” Snowden says. In late 2015, they began talking via the encrypted communications app Signal about Snowden’s idea of building an altered phone to protect journalists from advanced attacks that could compromise their location.

Huang insists that Snowden’s focus for the project from the beginning has been protecting that breed of vulnerable reporters, not from the NSA, but from foreign governments that are increasingly able to buy zero-day vulnerability information necessary to compromise even hard-to-hack targets like the iPhone. As a case study, they point in their paper to the story of Marie Colvin, the recently murdered American war correspondent whose family is suing Syria’s government; Colvin’s family claims she was tracked based on her electronic communications and killed in a targeted bombing by the country’s brutal Assad regime for reporting on civilian casualties.

Huang says he’s tried to develop the most no-frills protection possible that still meets Snowden’s rightfully paranoid standards. “If it wasn’t for the fact that Snowden is involved, I think this would seem pretty mundane,” Huang says almost bashfully. “My solution is simple. But it helps an important group of people.”

Snowden Designs a Device to Warn if Your iPhone’s Radios Are Snitching

Thanks to Kebmodee for bringing this to the It’s Interesting community.