Breaking News

Insurance Firms Ask Edison to Preserve Evidence for LA Wildfire

UK’s first taxpayer-funded injection room to open in radical move to tackle drugs epidemic | UK News

Tearful Jennie Garth Thanks Ex Peter Facinelli for Helping Her in Fire

Sonic SVM and AHT tokens get new market pairs on Bithumb

Tesla board that gave itself nearly $1 billion in excess compensation must now return money

US Air Force chooses Verizon for network upgrades, despite Salt Typhoon intrusions

Bulls Struggle to Hold Support

Musk interviews German far-right frontwoman Alice Weidel

Megan Thee Stallion Granted Restraining Order Against Tory Lanez

UK’s first taxpayer-funded injection room to open in radical move to tackle drugs epidemic | UK News

January 10, 2025

Musk interviews German far-right frontwoman Alice Weidel

January 10, 2025

Major companies part of drive to get thousands of offenders in work | UK News

January 10, 2025

Boeing and Google give $1m each to Trump’s inauguration

January 10, 2025

Experts warn DNA sequencers are vulnerable to bootkit attacks

January 9, 2025

News@Admin

Experts warn DNA sequencers are vulnerable to bootkit attacks

2 min read

Researchers from Eclypsium find vulnerability in the way iSeq 100 boots up
The bug allows threat actors to establish persistence, brick the device, or tamper with the results
A patch has since been made available, so update now

A popular DNA sequencer has been found carrying a vulnerability allowing threat actors to establish persistence on the device, destroy the hardware, or even tamper with the results, experts have claimed.

Researchers from Eclypsium analyzed the BIOS firmware in iSeq 100, a DNA sequencer built by a US biotechnology company Illumina, a benchtop sequencing system designed for small-scale genomic and targeted sequencing applications. It is used to read and analyze DNA, help researchers understand genetic information, study diseases, develop treatments, or explore how organisms are related.

Eclypsium said the device boots an older version of the BIOS firmware, which even ran in Compatibility Support Mode (CSM), in order to support older devices. It did not boot with standard protections, including Secure Boot technology.

Manipulating outcomes

All of this made iSeq 100 vulnerable to nine different bugs, some discovered in 2017, and with different severity scores. Threat actors could launch LogoFAIL, Spectre 2, and Microarchitectural Data Sampling (MDS) attacks against these devices, it was claimed.

To make matters worse, Eclypsium said it only analyzed this specific model, and that it is possible that other models are suffering from the same drawbacks, as well, especially since the motherboards in these devices were built by a third party.

“If the data is manipulated by an implant/backdoor in these devices, then a threat actor may manipulate a wide range of outcomes including faking presence or absence of hereditary conditions, manipulating medical treatments or new vaccines, faking ancestry DNA research, etc,” Eclypsium said.

Since making the discovery, Eclypsium notified the iSeq 100 manufacturer, who came back with a patch. There was no word on how many devices are vulnerable, or how fast the patch will be applied on all of them.

“Our initial evaluation indicates these issues are not high-risk,” an Illumina representative told BleepingComputer.

Via BleepingComputer

Source link