DNA
Pixabay.com

Online services such as GEDMatch, MyHeritage and FamilyTreeDNA have become popular places for people to upload their genetic information and are used by law enforcement to find criminal suspects through a DNA match with relatives. Thus, millions of people have sent samples of their saliva to commercial labs in hopes of learning something new about their health or heritage.

Industry giants such as said websites offer tutorials on how to search for relatives in phone directories, or share results in social media and sell access to their databases to big pharmaceutical and Medtech companies.

But these online services may be vulnerable to a sort of genetic hacking, according to a paper published today in eLife by two geneticists at the University of California, Davis. As users continue to share their genetic information with these public databases, they may be opening themselves up to a form of data theft. Thus, cybercriminals can target such a database with sensitive information to pose a digital threat.

Graham Coop and Michael Edge warn that someone with expertise in genetics and computing could design and upload DNA sequences that extract far more from these databases than some lost relatives.

According to the research team, by uploading certain DNA sequences, it may be possible for hackers to collect the genomes of many people in a database or successfully identify individuals with specific genetic variants linked to traits like Alzheimer's disease.

And according to Coop, people are giving up more information than they think while uploading all DNA details in such sites and unlike credit card details they can't change or cancel their genome to get a new one. These websites allow a user to upload DNA sequences and people can also search for other users with the matching sequence.

With the advent of the popularity of DNA test kits, most people find it appealing to find out more about their ancestry and genealogical relationships or to estimate their ethnic mix. Following that,direct-to-consumer DNA tests can nowadays easily be done from the comfort of a person's own home and at an affordable price.

However, researchers say these potential vulnerabilities do not apply to for-profit DNA sequencing companies, in which users must submit a sample of their DNA to be granted access to the service's database. In contrast, public databases allow anyone to upload any DNA sequences and search for other users with matching genes.

One example is 23andMe, said Coop, where you have to submit your DNA as a saliva sample to get access to their genetic data.

Meanwhile, researchers at the University of Washington have found that GEDmatch is vulnerable to multiple kinds of security risks. For example, An adversary can use only a small number of comparisons to extract someone's sensitive genetic markers and a malicious user could also construct a fake genetic profile to impersonate someone's relative.

A paper describing the problem was posted online on October 22, 2019, so in Mid-July, Coop and Edge notified the database companies of the problem to allow them time to put countermeasures in place.