A private DNA ancestry database that’s been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers.
Security flaws in the service, called GEDmatch, not only risk exposing people’s genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample.
[Researcher Peter] Ney, along with professors and DNA security researchers Luis Ceze and Tadayoshi Kohno, described in a report posted online how they developed and tested a novel attack employing DNA data they uploaded to GEDmatch.
Using specially designed DNA profiles, they say, they were able to run searches that let them guess more than 90% of the DNA data of other users.
According to [MyHeritage chief scientist Yaniv] Erlich, the vulnerability has national security implications. If a foreign counterintelligence agency grabbed a million American DNA profiles, that country could use genetic genealogy to identify the true identity of American spies or diplomats, locate their relatives, or discover genetic kompromat like unacknowledged children.
Read full, original post: The DNA database used to find the Golden State Killer is a national security leak waiting to happen