A widely used DNA sequencer lacks crucial firmware security protections, potentially exposing genetic research facilities to cyberattacks, security researchers said on Tuesday. The Illumina iSeq 100, deployed at 23andMe and thousands of laboratories worldwide, runs on outdated BIOS firmware from 2018 that doesn’t enforce Secure Boot protection against malware infections, ArsTechnica reported today, citing researchers from Eclypsium.
The device’s manufacturer, IEI Integration Corp, supplies motherboards to numerous medical equipment makers, suggesting similar vulnerabilities could affect other devices, Eclypsium said. Illumina said the issues were “not high-risk” and would notify customers if mitigations were needed.