Scientists eavesdrop on DNA synthesizer to steal genetic blueprint

Scientists eavesdrop on DNA synthesizer to steal genetic blueprint
UCI researchers who helped discover that hackers can steal genetic blueprints by interpreting the sounds emitted by a DNA synthesizer are (from left) Mohammad Al Faruque, associate professor of electrical engineering & computer science; Arnav Malawade, a graduate student in Al Faruque’s lab; John Chaput, professor of pharmaceutical sciences; and Sina Faezi, also a graduate student in Al Faruque’s lab. Credit: Steven Zylius / UCI

During the DNA synthesis process in a laboratory, recordings can be made of the subtle, telltale noises made by synthesis machines. And those captured sounds can be used to reverse-engineer valuable, custom-designed genetic materials used in pharmaceuticals, agriculture and other bioengineering fields.

Researchers from the University of California, Irvine and the University of California, Riverside have uncovered the possibility of an acoustic side-channel attack on the DNA synthesis process, a vulnerability that could present a serious risk to biotechnology and and academic research institutions.

"A few years ago, we published a study on a similar method for stealing blueprints of objects being fabricated in 3-D printers, but this attack on DNA synthesizers is potentially much more serious," said Mohammad Al Faruque, UCI associate professor of electrical engineering & computer science. "In the wrong hands, DNA synthesis capability could result in bioterrorists synthesizing, at will, harmful pathogens such as anthrax."

Al Faruque said his lab's discovery might also be used for a good cause: "Government agencies can employ the same technique as a monitoring tool to nullify the possibility of such activities."

A DNA synthesizer is a complex machine with meandering pipes, fluid reservoirs, solenoid valves and electrical circuitry. Chemicals—which have their own unique acoustic signatures due to their varying densities—flow through tubes, creating distinct noises punctuated by the clicking of valves and the whirring of pressure pump motors.

"All of these inner workings of a DNA synthesizer result in the emission of subtle but distinguishable sound signatures that can give clues as to the specific genetic material being generated," said Sina Faezi, a UCI graduate student in electrical engineering & computer science, who will present a paper on the potential threat of an acoustic side attack on DNA synthesizers at the Network & Distributed System Security Symposium taking place Feb. 24-27 in San Diego.

He said that in many cases, variances in the sounds produced are so tiny that people can't distinguish them. "But through careful feature engineering and a bespoke machine learning algorithm written in [Al Faruque's] lab, we were able to pinpoint those differences," he said.

Another factor that enables DNA synthesis information to be stolen is the design of the synthesizers themselves, according to Faezi. "Solenoid valves are placed asymmetrically inside the housing, so when a valve is working in one corner of the box, it makes a completely difference noise than one that's working in the middle," he said.

If hackers know which device model is in use, they'll have one more piece of the puzzle in place.

"Any active machine emits a trace of some form: physical residue, electromagnetic radiation, acoustic noise, etc.," said study collaborator Philip Brisk, UC Riverside associate professor of computer science & engineering. "The amount of information in these traces is immense, and we have only hit the tip of the iceberg in terms of what we can learn and reverse-engineer from it."

Al Faruque, head of UCI's Advanced Integrated Cyber-Physical Systems Lab, added that the ubiquity of recording devices, such as smartphones, makes the problem even more pervasive.

"Let's say you're a good person who works in a lab. I can hack into your phone and essentially hijack it to record sound that I can eventually retrieve," he said. "Furthermore, some biological labs have acoustic sensors mounted on the walls, and more people are adopting technologies like Google Home or Alexa—all of these can be used to pilfer sounds."

With their side-channel attack methodology, the researchers said, they can predict each base in a DNA sequence with about 88 percent accuracy, and they're able to reconstruct short sequences with complete reliability. Their technique functions best when a recording device is placed within a couple feet of a DNA sequencing machine, they said, but the algorithm works even in the presence of noise from an air conditioner or peoples' voices.

Al Faruque stressed that this sort of attack is too sophisticated for a small-time criminal or terrorist to pull off but is not beyond the capability of state actors. The stakes are high: The for synthetic biological products is expected to reach almost $40 billion by 2020. And that market share is expected to grow, particularly in the area of DNA data storage, an application being pursued by heavy-hitting technology companies.

Faezi noted that there are some ways to prevent snooping attacks. Machine designers could arrange the pipes and valves in a way that mitigates the emission of distinct sounds, and the DNA synthesis process can be scrambled and randomized to block hackers from piecing together the intellectual property.

Explore further

Researchers find security breach in 3-D printing process

More information: … 5B-1_Faezi_paper.pdf
Citation: Scientists eavesdrop on DNA synthesizer to steal genetic blueprint (2019, February 25) retrieved 18 July 2019 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Feedback to editors

User comments

Feb 25, 2019
' predict each base in a DNA sequence with about 88 percent accuracy ....recording device is placed within a couple feet of a DNA sequencing machine'

Who would bother with this when millions of people willingly hand over their DNA data with $99 or less testing kits which they are willing to pay.

Feb 25, 2019
This is a hack of the sequence being SYNTHESIZED using liquid reagents to make DNA and RNA strands. They could be a 50 mer but are likely much shorter in length. That is far short of the size of the smallest plant viroids and much less than a bacteria DNA sequence. The hacker could also walk up to the front panel of the machine and take a pic of the sequence with her cell phone cam. That would net her 100% accuracy instead of 88%. If this is a core facility, there will be many synthesizers clicking away simultaneously and that makes quite a racket. Not sure how this info can be re-assembled into anything useful. Those short sequences are typically part of a much bigger project and they are often broken up into jobs sent to different machines based on chemistries required to complete them.

Feb 26, 2019
This is a hack of the sequence being SYNTHESIZED using liquid reagents to make DNA and RNA strands.

Yes, not exactly a sequencer. Though possibly that too can be side-channeled, but again if a shotgun sequencer not very useful and also typically secure area due to contamination and exactly privacy risks. If not, long read machines are typically less noisy for reasons such as smaller footprint et cetera.

Good to know potential risks but not exactly an ongoing concern at this time.

Feb 26, 2019
Sequencers do not make noise due to valves opening to delivery liquid reagents. The read of a DNA or RNA sequence is extremely fast in a modern high throughput sequencer is in the order of kilobases per hour and faster. If you want to hack the readout of the sequence, best to hack the ethernet connection of the lab equipment to the desktop computers where the dat is stored and processed, perhpas via a surreptious dongle.

This side channel hacker story is only concerning a hack by deconvoluting the audible noise signals generated by the valves opeining and closing according to a preprogrammed machine operating cycle. The additon of each base will result in valve timing and noise diffierences that these hackers claim to be able to deconvolute into a sequence of base additions to make up the sequence being synthesized. Nothing more. My precious point was that this information is of no particular value except to the machine operators and core facility.

Mar 04, 2019
It is a fraudulent use of taxpayer money to find more clever ways of protect trade secrets for companies, which is the real and most costly theft. Privatized R&D and technology obfuscation are loopholes in the patent system. Our best science and greatest progress ALWAYS comes from taxpayer funded open-source research, and it is no rubics cube mystery why...knowledge and progress die in darkness. If big pharm and tech gets any more money and power, technological feudalism and a new dark ages for science will ensue. Trade secrets are fraudulent ways companies avoid obeying the law and claim expirable patents. This hurt innovation and our progress longterm and does nothing to reward creators, only speculators and grifters, who will do everything in their power to ensure lack, of access to insulin and epipens maximizes profit regardless of the murders they cause. Good work "sceintists!!" You should be real proud of yourselves as bootlickers to corporate grifters and misusing taxes.

Mar 04, 2019
Back in the day they did this with EMI sensors and called it "van Eck phreaking." Same idea except with sound, not EM.

Mar 04, 2019
It's also interesting how many people don't get the difference between analysis and synthesis.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more