-2.7 C
New York
Wednesday, January 8, 2025

Researchers Uncover Main Safety Flaw in Illumina iSeq 100 DNA Sequencers


Jan 07, 2025Ravie LakshmananFirmware Safety / Malware

Researchers Uncover Main Safety Flaw in Illumina iSeq 100 DNA Sequencers

Cybersecurity researchers have uncovered firmware safety vulnerabilities within the Illumina iSeq 100 DNA sequencing instrument that, if efficiently exploited, may allow attackers to brick or plant persistent malware on prone units.

“The Illumina iSeq 100 used a really outdated implementation of BIOS firmware utilizing CSM [Compatibility Support Mode] mode and with out Safe Boot or commonplace firmware write protections,” Eclypsium mentioned in a report shared with The Hacker Information.

“This is able to permit an attacker on the system to overwrite the system firmware to both ‘brick’ the gadget or set up a firmware implant for ongoing attacker persistence.”

Cybersecurity

Whereas the Unified Extensible Firmware Interface (UEFI) is the trendy substitute for the Fundamental Enter/Output System (BIOS), the firmware safety firm mentioned the iSeq 100 boots to an outdated model of BIOS (B480AM12 – 04/12/2018) that has identified vulnerabilities.

Additionally noticeably absent are protections to inform the {hardware} the place it may well learn and write firmware, thereby permitting an attacker to switch gadget firmware. Additionally not enabled is Safe Boot, thereby permitting malicious modifications to the firmware to go undetected.

DNA Sequencers

Eclypsium identified that it is not advisable for newer high-value belongings to help CSM, because it’s mainly meant for outdated units that may’t be upgraded and wish to take care of compatibility. Following accountable disclosure, Illumina has launched a repair.

In a hypothetical assault state of affairs, an adversary may goal unpatched Illumina units, escalate their privileges, and write arbitrary code to the firmware.

This isn’t the primary time extreme vulnerabilities have been disclosed in DNA gene sequencers from Illumina. In April 2023, a essential safety flaw (CVE-2023-1968, CVSS rating: 10.0) may have made it attainable to listen in on community site visitors and remotely transmit arbitrary instructions.

Cybersecurity

“The power to overwrite firmware on the iSeq 100 would allow attackers to simply disable the gadget, inflicting important disruption within the context of a ransomware assault. This is able to not solely take a high-value gadget out of service, it will additionally doubtless take appreciable effort to recuperate the gadget by way of manually reflashing the firmware,” Eclypsium mentioned.

“This might considerably increase the stakes within the context of a ransomware or cyberattack. Sequencers are essential to detecting genetic diseases, cancers, figuring out drug-resistant micro organism, and for the manufacturing of vaccines. This is able to make these units a ripe goal for state-based actors with geopolitical motives along with the extra conventional monetary motives of ransomware actors.”

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.



Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles