- Eclypsium researchers find a vulnerability in the way the iSeq 100 boots
- The bug allows threat actors to establish persistence, lock the device, or alter results.
- A patch has since been released, so update now.
A popular DNA sequencer has been discovered to have a vulnerability that allows threat actors to establish persistence on the device, destroy the hardware or even alter the results, experts said.
Eclypsium researchers analyzed the BIOS firmware on the iSeq 100, a benchtop DNA sequencing system built by US biotechnology company Illumina and designed for small-scale genomics and targeted sequencing applications. It is used to read and analyze DNA, helping researchers understand genetic information, study diseases, develop treatments, or explore how organisms are related.
Eclypsium said the device boots an older version of the BIOS firmware, and does so in Compatibility Support Mode (CSM), which exists to support older devices. It also boots without standard protections, including Secure Boot.
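A defender-side check for the three conditions reported above (legacy/CSM boot, Secure Boot off, old BIOS), as an added example that is not from Eclypsium or Illumina. It assumes a Linux host exposing efivarfs and DMI data in sysfs; the function names and the three-year age threshold are illustrative assumptions.

```python
from datetime import date, datetime
from pathlib import Path

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI global variable GUID
EFIVARS = Path("/sys/firmware/efi/efivars")

def efivar_flag(raw):
    """efivarfs prepends 4 attribute bytes; the boolean value is the 5th byte."""
    if raw is None or len(raw) < 5:
        return None
    return raw[4] == 1

def assess(uefi_boot, secure_boot_raw, setup_mode_raw, bios_date, today,
           max_age_years=3):  # threshold is an assumption, tune per policy
    findings = []
    if not uefi_boot:
        findings.append("legacy/CSM boot: Secure Boot cannot be enforced")
    else:
        enabled = efivar_flag(secure_boot_raw)
        if enabled is None:
            findings.append("SecureBoot variable missing or unreadable")
        elif not enabled:
            findings.append("Secure Boot disabled")
        if efivar_flag(setup_mode_raw):
            findings.append("firmware in Setup Mode: no Platform Key enrolled")
    if bios_date is not None:
        age = (today - bios_date).days / 365.25
        if age > max_age_years:
            findings.append(f"BIOS dated {bios_date.isoformat()} is {age:.1f} years old")
    return findings

def read_optional(path):
    try:
        return path.read_bytes()
    except OSError:
        return None

def collect_local():
    """Gather the inputs from sysfs on the machine this runs on."""
    raw_date = read_optional(Path("/sys/class/dmi/id/bios_date"))
    try:
        bios_date = datetime.strptime(raw_date.decode().strip(), "%m/%d/%Y").date()
    except (AttributeError, ValueError):  # file absent or unexpected format
        bios_date = None
    return assess(Path("/sys/firmware/efi").is_dir(),
                  read_optional(EFIVARS / f"SecureBoot-{EFI_GLOBAL}"),
                  read_optional(EFIVARS / f"SetupMode-{EFI_GLOBAL}"),
                  bios_date, date.today())

if __name__ == "__main__":
    print("\n".join(collect_local() or ["no boot-posture findings"]))
```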
Manipulate results
All of this left the iSeq 100 vulnerable to nine different bugs, some discovered in 2017, with varying severity scores. It was claimed that threat actors could launch LogoFAIL, Spectre 2, and Microarchitectural Data Sampling (MDS) attacks against these devices.
To make matters worse, Eclypsium said that it only reviewed this specific model, and that other models may also suffer from the same drawbacks, especially since the motherboards for these devices were built by a third party.
“If data is manipulated through an implant/backdoor into these devices, then a threat actor can manipulate a wide range of outcomes, including falsifying the presence or absence of hereditary conditions, manipulating medical treatments or new vaccines, falsification of ancestral DNA research, etc.” Eclypsium said.
After making the discovery, Eclypsium notified the iSeq 100 manufacturer, which came back with a patch. It was not reported how many devices are vulnerable or how quickly the patch will be applied to all of them.
“Our initial assessment indicates that these issues are not high risk,” an Illumina representative told BleepingComputer.
Via BleepingComputer