- Eclypsium Researchers Discover Vulnerability in How iSeq 100 Boots
- The bug allows malicious actors to establish persistence, block the device, or falsify results.
- A fix has since been made available, so update now.
A popular DNA sequencer has been found to carry a vulnerability that allows malicious actors to establish persistence on the device, destroy the hardware or even falsify the results, experts have claimed.
Eclypsium researchers analyzed the BIOS firmware in the iSeq 100, a DNA sequencer built by American biotechnology company Illumina. The iSeq 100 is a benchtop sequencing system designed for small-scale genomic and targeted sequencing applications. It is used to read and analyze DNA, helping researchers understand genetic information, study diseases, develop treatments, or explore connections between organisms.
Eclypsium said the device boots an older version of BIOS firmware, which ran in Compatibility Support Mode (CSM) in order to support older devices. It also booted without standard protections, including Secure Boot.
Manipulation of results
All of this left the iSeq 100 vulnerable to nine different bugs with different severity scores, some of them discovered in 2017. Malicious actors could launch LogoFAIL, Spectre 2 and Microarchitectural Data Sampling (MDS) attacks against these devices, it has been claimed.
To make matters worse, Eclypsium stated that it analyzed only this specific model and that other models may suffer from the same drawbacks, especially since the motherboards in these devices were built by a third party.
“If data is manipulated through an implant/backdoor in these devices, then a malicious actor can manipulate a wide range of outcomes, including simulating the presence or absence of hereditary diseases, manipulating medical treatments or new vaccines, simulating ancestry DNA research, etc.,” said Eclypsium.
Eclypsium has since informed the manufacturer of the iSeq 100, which came back with a patch. It is unclear how many devices are vulnerable or how quickly the patch will be applied to each of them.
“Our initial assessment indicates that these issues are not high risk,” an Illumina representative told BeepComputer.
Via BeepComputer