
Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could allow attackers to persistently install or deploy malware on susceptible devices.
“The Illumina iSeq 100 supports very outdated BIOS firmware implementations using CSM (Compatibility Support Mode) mode and without Secure Boot or standard firmware write protections,” Eclypsium said in a report shared with The Hacker News.
“This may enable an attacker on the system to overwrite the system’s firmware to either ‘brick’ the machine or install a firmware implant for the attacker to proceed.”

While Unified Extensible Firmware Interface (UEFI) is a modern alternative to the Basic Input/Output System (BIOS), the firmware security company said the iSeq 100 boots an older version of the BIOS (B480AM12 – 04/12/2018). Recognized vulnerabilities
Also notably missing are protections that tell the hardware where it can read and write firmware, thus allowing an attacker to modify the device’s firmware. Secure Boot is also not enabled, so malicious changes to the firmware are not detected.
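The three conditions described above (legacy BIOS/CSM boot, Secure Boot off, an old firmware build) can be checked from a running Linux host. The following is an added example, not code from Eclypsium or Illumina; it assumes a Linux sysfs layout, the three-year staleness threshold is an arbitrary choice, and `build_sample_tree` creates a constructed fixture using the BIOS version and date quoted in the article.

```python
import os
from datetime import date, datetime

# SecureBoot variable under the EFI global-variable GUID (UEFI specification).
SECUREBOOT_VAR = "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

def _read(path, mode="r"):
    try:
        with open(path, mode) as fh:
            return fh.read()
    except OSError:
        return None

def assess_firmware(root="/", today=None, max_age_years=3):
    """Return (facts, findings) for the Linux host whose sysfs lives under root."""
    today = today or date.today()
    efi_dir = os.path.join(root, "sys/firmware/efi")
    uefi = os.path.isdir(efi_dir)  # directory is absent on a legacy BIOS/CSM boot
    # efivarfs layout: 4 attribute bytes followed by 1 data byte (1 = enabled).
    raw = _read(os.path.join(efi_dir, "efivars", SECUREBOOT_VAR), "rb")
    secure_boot = bool(raw and len(raw) >= 5 and raw[4] == 1)
    dmi = os.path.join(root, "sys/class/dmi/id")
    version = (_read(os.path.join(dmi, "bios_version")) or "").strip()
    bios_date = (_read(os.path.join(dmi, "bios_date")) or "").strip()
    findings = []
    if not uefi:
        findings.append("legacy BIOS/CSM boot: no EFI runtime exposed")
    if not secure_boot:
        findings.append("Secure Boot not enabled")
    try:
        built = datetime.strptime(bios_date, "%m/%d/%Y").date()
        if (today - built).days > max_age_years * 365:
            findings.append(f"firmware {version} dated {bios_date} is stale")
    except ValueError:
        findings.append("firmware build date unavailable")
    facts = {"uefi": uefi, "secure_boot": secure_boot,
             "bios_version": version, "bios_date": bios_date}
    return facts, findings

def build_sample_tree(base, version, bios_date, secure_boot=None):
    """Constructed sysfs fixture; secure_boot=None models a legacy boot."""
    dmi = os.path.join(base, "sys/class/dmi/id")
    os.makedirs(dmi)
    for name, value in (("bios_version", version), ("bios_date", bios_date)):
        with open(os.path.join(dmi, name), "w") as fh:
            fh.write(value + "\n")
    if secure_boot is not None:
        vars_dir = os.path.join(base, "sys/firmware/efi/efivars")
        os.makedirs(vars_dir)
        with open(os.path.join(vars_dir, SECUREBOOT_VAR), "wb") as fh:
            fh.write(bytes([6, 0, 0, 0, int(secure_boot)]))
    return base
```

This check reports boot mode and Secure Boot state only; it does not verify flash write protections, which require reading chipset registers with a dedicated tool.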

Eclypsium pointed out that it is not acceptable to support CSM on new high-value assets, as it is primarily meant for older devices that cannot be upgraded and need to maintain compatibility. Following responsible disclosure, Illumina has issued a fix.
In a hypothetical attack scenario, an adversary could target unpatched Illumina devices, escalate their privileges, and write arbitrary code to the firmware.
This is not the first time that severe vulnerabilities have been disclosed in DNA gene sequencers from Illumina. In April 2023, a critical security flaw (CVE-2023-1968, CVSS score: 10.0) made it possible to intercept network traffic and transmit arbitrary commands remotely.

“The ability to overwrite the firmware on the iSeq 100 will allow attackers to easily disable the machine, creating a big barrier in the context of a ransomware attack. Attempting to recover the machine through,” said Eclypsium.
“This could significantly raise the stakes in the context of ransomware or cyberattacks. Sequencers are important for detecting genetic diseases, cancer, identifying drug-resistant bacteria and creating vaccines. Ransomware actors with geopolitical targets apart from conventional monetary targets.”