Portable genetic sequencers used around the world to sequence DNA have critical, previously unreported security vulnerabilities that could reveal or alter genetic information without detection, according to a new study.
Researchers from the University of Florida have, for the first time, exposed these security risks in devices from Oxford Nanopore Technologies, which produces nearly all the portable genetic sequencers in the world.
Alerted by the security researchers, Oxford Nanopore Technologies has rolled out updated software to patch the vulnerabilities. But out-of-date software, or unsecured internet systems, could still leave some DNA sequencers vulnerable to attack.
“No one in the world had looked at the security of these devices, which shocked me,” said Christina Boucher, Ph.D., a professor of computer and information science and engineering at UF, expert in bioinformatics, and co-author of the new report.
Boucher collaborated with Sara Rampazzi, Ph.D., also a professor of computer and information science and engineering, cybersecurity expert and project lead at UF, and students in the department to test Nanopore sequencers for security flaws. The study serves as a warning to the scientific community that new threats to genomic data urge a shift toward “secure-by-design” systems as portable DNA sequencers become increasingly common. The team published their findings Nov. 10 in Nature Communications.