Genotype Extraction and False Relative Attacks



A group of researchers at the University of Washington found that GEDmatch is vulnerable to multiple kinds of security risks. The research team discovered that a malicious person could extract someone else’s genetic markers and use them to create a fake genetic profile to impersonate someone’s relative.

The research paper is titled: “Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Interference”. The researchers are Peter Ney, Luiz Ceze, and Tadayoshi Kohono, who are part of the Paul G. Allen School of Computer Science & Engineering at Washington University. The research has been accepted at the Network and Distributed System Security Symposium (where it will be presented in February of 2020).

According to UW News, the team created a research account on GEDmatch, and used it to look for security issues. They uploaded experimental genetic profiles that they created by mixing and matching genetic data from multiple databases of anonymous profiles. GEDmatch assigned these profiles an ID that people can use to do one-to-one comparisons with their own profiles. The comparisons are presented in bar format.

The researchers wanted to know if an adversary could use that bar to find out a specific DNA sequence within one region of a target’s profile. To do this search, the team designed four “extraction profiles” they could use for one-to-one comparisons with a target profile they created. They discovered that it was possible for to deduce the target’s specific sequence for that region.

In addition, the researchers found that an adversary could use a similar technique to acquire a target’s entire profile. The adversary could then use that information to create a profile for a false relative. Genealogists will likely find this possibility to be absolutely horrifying!

The researchers shared what they learned with GEDmatch before publishing. GEDmatch is working to resolve these issues.

Related Articles at FamilyTree.com:

GEDMatch Updated its Privacy Policy

Department of Justice Made Rules About Forensic Genetic Genealogy

Differences Between DNA Testing for Genealogy and for Criminals

< Return To Blog

Leave a Reply

Your email address will not be published.