U.S. biotechnology firm Illumina's iSeq 100 DNA sequencer is riddled with several now-patched BIOS/UEFI vulnerabilities, which could be exploited to facilitate malware compromise or device bricking, The Hacker News reports.
Vulnerable Illumina iSeq devices, which lacked firmware read and write protections and had Secure Boot disabled, could be subjected to privileged escalation attacks and subsequent arbitrary code execution in their firmware, according to an Eclypsium report. Firmware overwriting capabilities enabled by the flaws were regarded by researchers to be a significant hurdle in restoring impacted devices, especially in the wake of a potential ransomware attack. "Sequencers are critical to detecting genetic illnesses, cancers, identifying drug-resistant bacteria, and for the production of vaccines. This would make these devices a ripe target for state-based actors with geopolitical motives in addition to the more traditional financial motives of ransomware actors," said Eclypsium. Such a report comes nearly two years after Illumina's medical devices were discovered to be affected by a maximum severity vulnerability that could be leveraged for arbitrary command transmission.
