
Content

 MalwareTech pleads not guilty, fake cell phone towers can outsmart detection apps, and hackers encode malware into DNA. Thanks for your support!!

Comments

Anonymous

On one hand, the DNA attack was really cool and almost the reverse of what happened at the end of New Rose Hotel. On the other hand, the nature of DNA sequencing is still very prone to error and random starts and stops and base misreads. The most common method at the moment tends to give reads that are about 150 bases long with a 2% misread rate while a method better for long reads can go tens of thousands of bases with about a 13% misread rate. The short reads make encoding hard and the long reads make an error very likely. The software also doesn't have much of an attack surface, and the group doing this work had to compile a modified version of the software to be vulnerable. What is a pretty common vulnerability is labs running their sequencers with the username sbsuser and password of sbs123 (default Illumina machine Windows admin credentials) or keeping them on unprotected internet connections (many of them still have SMBv1) or hooking in untrustworthy IoT devices in the lab (I have recorded evidence of a PCR machine participating in a DDoS attack against a server at IBM).

Shannon Morse

Yup, they were only at a 13% success rate in getting the malware to work after sequencing. It's a stretch, but highly interesting given other forms of data have been added to DNA - like the animated gif and text example.

Anonymous

It's also somewhat interesting that they didn't actually use any sequence-specific programs for their exploit; the program they modified and exploited was applying some standard data compression to the fastq file and they got their buffer overflow off the compression algo. I don't know that someone could pwn the sequencing machine through the DNA, since it's so randomly read. I do have one interesting idea for this that I'll have to try out in the alignment software.

Shannon Morse

Edit: 37%, I forgot the exact amount. Let me know how that goes! I have nothing even remotely capable of testing something similar.

Anonymous

One day... I try to hack genomes professionally, and it sometimes keeps me too busy to try and hack other things. Currently trying to hack glioblastomas.

Anonymous

Update: Illumina (makers of the sequencing equipment) seems to have listened. https://mkt.illumina.com/rs/600-XEX-927/images/Security%20Update%20Letter%20-%20Final_170807.pdf?mkt_tok=eyJpIjoiTW1Nd1pXVmpPVGd3WlRJMCIsInQiOiIzOXlqT2RwSFNIeTlxeTRjSHJtUUpxXC85S1JhSFV0akhtRnc5a3RcL3UySk9MaWZjdlwvbll3TlwvdzZFS3dmTFJQdkNWVWFKWFYzQUQ0c2xUeWErczRMZUprQUZ2dmxzYU1zTXdsZHJiZWN4cUp1SkFHQnl4UktWXC9HOU5kTDNxSEVMIn0%3D