Critical BIOS Vulnerabilities Leave Medical DNA Sequencers Open to Devastating Attacks

Critical Security Flaws Found in Illumina’s DNA Sequencing Technology

Security researchers at Eclypsium have uncovered significant BIOS/UEFI vulnerabilities in Illumina’s iSeq 100 DNA sequencer, a device crucial for genetic analysis and vaccine development. The investigation revealed multiple high-risk security issues that could compromise the device’s functionality and data integrity.

Key Vulnerabilities:
– Outdated BIOS firmware running in Compatibility Support Mode (CSM)
– Absence of Secure Boot protection
– Missing BIOS write protections
– Susceptibility to LogoFAIL, Spectre 2, and MDS attacks
– Nine vulnerabilities with high and medium severity scores
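
The first two items can be checked from the operating system. The following is an added example, not code from Eclypsium or Illumina, and it assumes a Linux host that exposes firmware state under /sys; it reports legacy/CSM boot and disabled Secure Boot, and does not cover BIOS write protections. The function names and finding labels are hypothetical, and `make_fake_sysfs` builds constructed sample data for offline runs.

```python
import os
import tempfile

# EFI global-variable GUID defined by the UEFI specification.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def read_efi_flag(efivars_dir, name):
    """Return the 1-byte value of an EFI global variable, or None if absent."""
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL_GUID}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return None
    # efivarfs layout: 4 bytes of attributes, then the variable data.
    return raw[4] if len(raw) >= 5 else None

def audit_boot_posture(sysfs_root="/sys"):
    """Return finding labels (hypothetical names) for the boot configuration."""
    efi_dir = os.path.join(sysfs_root, "firmware", "efi")
    findings = []
    if not os.path.isdir(efi_dir):
        # No EFI runtime exposed: the OS was started via legacy BIOS / CSM,
        # so Secure Boot cannot be enforced at all.
        findings.append("legacy-or-csm-boot")
        findings.append("secure-boot-unavailable")
        return findings
    efivars = os.path.join(efi_dir, "efivars")
    if read_efi_flag(efivars, "SecureBoot") != 1:
        findings.append("secure-boot-disabled")
    if read_efi_flag(efivars, "SetupMode") == 1:
        # Setup mode means no platform key is enrolled.
        findings.append("setup-mode-no-platform-key")
    return findings

def make_fake_sysfs(secure_boot=None, setup_mode=None, uefi=True):
    """Build a constructed sysfs tree so the audit can run offline."""
    root = tempfile.mkdtemp()
    if uefi:
        d = os.path.join(root, "firmware", "efi", "efivars")
        os.makedirs(d)
        for name, val in (("SecureBoot", secure_boot), ("SetupMode", setup_mode)):
            if val is not None:
                with open(os.path.join(d, f"{name}-{EFI_GLOBAL_GUID}"), "wb") as fh:
                    fh.write(b"\x06\x00\x00\x00" + bytes([val]))
    return root

if __name__ == "__main__":
    print(audit_boot_posture() or ["no findings"])
```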

Potential Impact:
– Device disablement (“bricking”)
– Manipulation of test results
– Tampering with genetic analysis data
– Disruption of vaccine development processes
– Compromise of medical research integrity

The root cause is the use of an OEM motherboard from IEI Integration Corp, which suggests similar vulnerabilities might exist in other medical devices using the same components. Illumina has acknowledged the issues and reports releasing a patch to affected customers, while maintaining that the vulnerabilities are “not high-risk.”

This discovery follows a 2023 incident in which CISA and the FDA issued an urgent advisory regarding critical vulnerabilities in Illumina’s Universal Copy Service, highlighting ongoing security challenges in medical technology infrastructure.

The findings emphasize the growing importance of cybersecurity in medical devices and the potential implications for healthcare and research facilities worldwide.
