Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

The Hacker News by The Hacker News
January 7, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 07, 2025Ravie LakshmananFirmware Security / Malware

Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices.

“The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard firmware write protections,” Eclypsium said in a report shared with The Hacker News.

“This would allow an attacker on the system to overwrite the system firmware to either ‘brick’ the device or install a firmware implant for ongoing attacker persistence.”

Cybersecurity

While the Unified Extensible Firmware Interface (UEFI) is the modern replacement for the Basic Input/Output System (BIOS), the firmware security company said the iSeq 100 boots to an old version of BIOS (B480AM12 – 04/12/2018) that has known vulnerabilities.

Also noticeably absent are protections to tell the hardware where it can read and write firmware, thereby allowing an attacker to modify device firmware. Also not enabled is Secure Boot, thereby allowing malicious changes to the firmware to go undetected.

DNA Sequencers

Eclypsium pointed out that it’s not advisable for newer high-value assets to support CSM, as it’s chiefly meant for old devices that can’t be upgraded and need to maintain compatibility. Following responsible disclosure, Illumina has released a fix.

In a hypothetical attack scenario, an adversary could target unpatched Illumina devices, escalate their privileges, and write arbitrary code to the firmware.

This is not the first time severe vulnerabilities have been disclosed in DNA gene sequencers from Illumina. In April 2023, a critical security flaw (CVE-2023-1968, CVSS score: 10.0) could have made it possible to eavesdrop on network traffic and remotely transmit arbitrary commands.

Cybersecurity

“The ability to overwrite firmware on the iSeq 100 would enable attackers to easily disable the device, causing significant disruption in the context of a ransomware attack. This would not only take a high-value device out of service, it would also likely take considerable effort to recover the device via manually reflashing the firmware,” Eclypsium said.

“This could significantly raise the stakes in the context of a ransomware or cyberattack. Sequencers are critical to detecting genetic illnesses, cancers, identifying drug-resistant bacteria, and for the production of vaccines. This would make these devices a ripe target for state-based actors with geopolitical motives in addition to the more traditional financial motives of ransomware actors.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
RISE with SAP on IBM Power Virtual Server to Help Accelerate Transformation with SAP S/4HANA Cloud

RISE with SAP on IBM Power Virtual Server to Help Accelerate Transformation with SAP S/4HANA Cloud

Recommended.

SonicWall Investigating If Zero-Day Flaw Is Behind Recent Attacks

SonicWall Investigating If Zero-Day Flaw Is Behind Recent Attacks

August 4, 2025
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

August 10, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio