An Attacker’s Day into Human Virology 6: Crossing the Frontier

The primary issue looked into within this part of the presentation is blurring and crossing the border between the realms of biological and computer viruses.

Same Essence, Different Materialization

Now, you guys who are security researches probably know that software is vulnerable. And all these data, generated daily, at some point is processed by software, takes it as an input. And software sometimes, when presented with unexpected inputs, will just crash and direct the execution flow to memory and trigger stack overflow, etc. What if that flow of execution gets redirected accidentally in the memory somewhere to these eight characters? Then you get the virus spontaneously being born.

Such similar and different worlds

Such similar and different worlds

The probability of this happening is, I think, not null, because there is so much information flowing, and so much vulnerable software also, so it accidently could happen. It would be very interesting to compute, to give an evaluation to that probability, which is a bit out of the scope of this study but will make an interesting research.

So, we’ve seen that computer and biological viruses share the same essence. Essentially, they are the same inside. They are information coding for replicative and parasitic behavior. But this info is materialized differently. In biological viruses it is materialized by molecules, in computer viruses it is materialized by electromagnetic properties. So, the question sounds foolish – can one virus cross to the other realm and vice versa, as they are not in the same material realm?

The Blurred Frontier

Blurring the frontier as a proof of concept

Blurring the frontier as a proof of concept

If the frontier cannot be crossed, at least it can be blurred. Today people have inside their bodies ear implants, brain stimulators and other cybernetic devices. The more it goes, the more the cybernetic devices will become smart, advanced and will more look like computers with operating system inside them. And what if these computers would be vulnerable to viruses?

As a matter of fact, in 2010 a researcher from a university in Scotland, as a proof of concept, implanted RFID chip under the skin in his hand. He would use it to authenticate at different locations in the university. As a proof of concept, he implanted a virus inside the RFID chip that infected the RFID readers. Granted this is not new, as RFID viruses have been known for years. But that research does prove the point that a virus can hop from the new man to a computer.

And in that case, not really the biological virus that evolved crossed the border; it’s more like the definition of the biological realm that evolved, at least the definition of a living organism within the biological realm, which makes it possible.

Crossing the Frontier

The frontier can be and has been crossed

The frontier can be and has been crossed

If you really want to cross the frontier, here is some interesting food for thought. We saw that in 2002 some scientists could synthesize the Polio virus. In 2010, another team of scientists led by Craig Venter could synthesize a bacterium out of nothing in a lab. Beyond this, daily, genes are modified, created, synthesized, and injected into living organisms for different applications – this is called bio technologies; for industrial applications to produce drugs; for agriculture and other applications.

Now, all these genes, the sequence that makes those genes, are stored somewhere, they are stored somewhere on computers, in databases on computers. What if a computer virus infects that computer, takes control over the database, injects its own DNA sequence inside? Then you get the lab starting to produce this injected sequence, possibly at an industrial scale. And then you get the virus that hopped from the computer to the biological world.

Conversely, if you want to hop from the biological world into the computer world, it is the same thing. All the labs in the world that map the genomes of living beings, of viruses and bacteria – once they analyze the sequence of nucleotides, where do they store them? In computers, in databases. And you have some software that takes as input the sequence that they found, and of course software may be vulnerable.

What if you take control of the database and inject some sequence into the industrial genes?

Just imagine software that is dedicated to processing the genetic material of a certain type of biological virus, like only the flu for example. So, it expects DNA strand that is 20 KB long. If you synthesize a virus in a lab but its DNA strand is twice longer, and the software fails to check for the length, then when the software starts to sequence the genetic material of your virus, this will create a stack overflow condition. And it can redirect the execution flow somewhere into the database or code for a computer virus. And then you get a hop from the biological world into the computer world.

It sounds like science fiction but it is quite interesting. And actually there would be some motivations to do that. You may want, as for example a terrorist group, to access databases containing genetic material. You may want to do that traditionally through attacking computers and sending computer viruses, Trojan horses or whatever. What if you just do what I just explained – release a virus of your own that will infect the database when it’s being sequenced, take control of the database, and inject some sequence into the industrial genes? That way, the virus would be produced industrially. This is an interesting scenario. And this concludes our presentation.

Read previous: An Attacker’s Day into Human Virology 5: Thoughts on Designed Biological Viruses and Darwinian Computer Viruses

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: