1. Forum
  2. TQWNet
  3. TQW GENTECH

  • Experts warn DNA sequencers are vulnerable to bootkit attacks

    From TechnologyDaily@1337:1/100 to All on Thursday, January 09, 2025 20:15:05
    Experts warn DNA sequencers are vulnerable to bootkit attacks

    Date:
    Thu, 09 Jan 2025 20:03:00 +0000

    Description:
    The iSeq 100 device did not come with standard boot protections, allowing crooks to establish persistence.

    FULL STORY ======================================================================Research ers from Eclypsium find vulnerability in the way iSeq 100 boots up The bug allows threat actors to establish persistence, brick the device, or tamper with the results A patch has since been made available, so update now

    A popular DNA sequencer has been found carrying a vulnerability allowing threat actors to establish persistence on the device, destroy the hardware,
    or even tamper with the results, experts have claimed.

    Researchers from Eclypsium analyzed the BIOS firmware in iSeq 100, a DNA sequencer built by a US biotechnology company Illumina, a benchtop sequencing system designed for small-scale genomic and targeted sequencing applications. It is used to read and analyze DNA, help researchers understand genetic information, study diseases, develop treatments, or explore how organisms are related.

    Eclypsium said the device boots an older version of the BIOS firmware, which even ran in Compatibility Support Mode (CSM), in order to support older devices. It did not boot with standard protections, including Secure Boot technology. Manipulating outcomes

    All of this made iSeq 100 vulnerable to nine different bugs, some discovered in 2017, and with different severity scores. Threat actors could launch LogoFAIL, Spectre 2 , and Microarchitectural Data Sampling (MDS) attacks against these devices, it was claimed.

    To make matters worse, Eclypsium said it only analyzed this specific model, and that it is possible that other models are suffering from the same drawbacks, as well, especially since the motherboards in these devices were built by a third party.

    If the data is manipulated by an implant/backdoor in these devices, then a threat actor may manipulate a wide range of outcomes including faking
    presence or absence of hereditary conditions, manipulating medical treatments or new vaccines, faking ancestry DNA research, etc, Eclypsium said.

    Since making the discovery, Eclypsium notified the iSeq 100 manufacturer, who came back with a patch. There was no word on how many devices are vulnerable, or how fast the patch will be applied on all of them.

    Our initial evaluation indicates these issues are not high-risk, an Illumina representative told BleepingComputer .

    Via BleepingComputer You might also like Mitel collaboration software zero-day strings along a previously patched vulnerability Here's a list of
    the best antivirus tools on offer These are the best endpoint protection
    tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/experts-warn-dna-sequencers-are-vulnera ble-to-bootkit-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)