Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
Security researchers have revealed flaws in the firmware of Illumina’s iSeq 100 DNA sequencing machine. These gaps in protection could enable attackers to either disable the device entirely or secretly install malware, posing a significant threat to any unpatched system.
Outdated BIOS Implementation
According to the researchers, the iSeq 100 relies on an older BIOS firmware (B480AM12 – dated 04/12/2018) instead of using the modern Unified Extensible Firmware Interface (UEFI). The BIOS in use lacks crucial security features like firmware write protections and Secure Boot. Because of this, a malicious actor who gains control of the system could potentially overwrite the firmware—either rendering the device useless (bricking) or planting hidden malware that remains active over time.
Another major issue is that this outdated setup still uses Compatibility Support Mode (CSM). While CSM was originally designed to help older hardware stay functional, it’s not recommended for newer devices that handle critical tasks—like DNA sequencing—because it leaves them more open to firmware-related attacks.
Consequences of Unsecured Firmware
One key security measure missing from the iSeq 100 is firmware read/write protection: the ability to clearly define which firmware regions the hardware is allowed to read and write. Without these safeguards, attackers can modify essential device code. In addition, Secure Boot is not enabled on the device, making it easier for harmful changes to the firmware to slip by unnoticed.
If an attacker exploits these vulnerabilities, they could raise their privileges and inject malicious code into the firmware. In the worst-case scenario, this could happen repeatedly without detection, giving attackers a continuous foothold in the system.
Previous Vulnerabilities and Ransomware Risks
This is not the first time Illumina’s devices have faced security challenges. Earlier, a serious vulnerability (identified as CVE-2023-1968) had the potential to let attackers eavesdrop on network traffic and send unauthorized commands to the equipment.
In a ransomware situation, the ability to overwrite the iSeq 100’s firmware would make it easy to disrupt operations. Once the device is disabled, restoring it would require manual firmware reinstallation—a lengthy process that could cause significant downtime. Because DNA sequencing is crucial for diagnosing genetic disorders, detecting drug-resistant microbes, developing vaccines, and more, these devices become prime targets not only for criminals looking to make money but also for state-sponsored groups pursuing broader geopolitical objectives.
Remediation and Recommendations
Illumina has responded by releasing a patch to address these issues. Anyone using the iSeq 100 should install the update as soon as possible to minimize the risk of attacks. Going forward, experts advise ensuring that critical equipment—especially in fields like healthcare and research—is equipped with secure firmware, modern boot mechanisms (UEFI instead of older BIOS), and robust safeguards like Secure Boot.
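The recommendations above can be turned into a quick inventory check. The following is an added example, not code from the researchers or from Illumina: it assumes a Linux host exposing the standard sysfs/efivarfs paths, treats the firmware date as MM/DD/YYYY, and uses a hypothetical three-year age threshold. It reports boot mode, Secure Boot state and firmware age only; it does not inspect flash write protections.

```python
import os
from datetime import date, datetime

# Standard Linux locations (assumption: the audited host runs Linux).
SB_VAR = "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
DMI_BIOS_DATE = "/sys/class/dmi/id/bios_date"

def secure_boot_enabled(raw: bytes) -> bool:
    """efivarfs prefixes the value with 4 attribute bytes; a value byte of 1 means enabled."""
    return len(raw) >= 5 and raw[4] == 1

def firmware_age_years(bios_date: str, today: date) -> float:
    """Age of the firmware build, given a DMI-style MM/DD/YYYY date string."""
    released = datetime.strptime(bios_date.strip(), "%m/%d/%Y").date()
    return (today - released).days / 365.25

def assess(efi_present, sb_raw, bios_date, today, max_age_years=3.0):
    """Return a list of findings; max_age_years is a hypothetical policy value."""
    findings = []
    if not efi_present:
        # No EFI runtime means a legacy BIOS or CSM boot path.
        findings.append("legacy BIOS/CSM boot: Secure Boot cannot be enforced")
    elif sb_raw is None or not secure_boot_enabled(sb_raw):
        findings.append("UEFI boot but Secure Boot is disabled")
    age = firmware_age_years(bios_date, today)
    if age > max_age_years:
        findings.append(f"firmware dated {bios_date.strip()} is {age:.1f} years old")
    return findings

def collect_local():
    """Gather the three inputs from the running host."""
    efi = os.path.isdir("/sys/firmware/efi")
    sb = None
    if efi and os.path.exists(SB_VAR):
        with open(SB_VAR, "rb") as fh:
            sb = fh.read()
    with open(DMI_BIOS_DATE) as fh:
        bios_date = fh.read()
    return efi, sb, bios_date

if __name__ == "__main__":
    # Constructed sample: legacy boot with the firmware date quoted in the article.
    for finding in assess(False, None, "04/12/2018", date(2025, 1, 7)):
        print("FINDING:", finding)
```

On a live host, pass the result of `collect_local()` plus `date.today()` to `assess()`; an empty list means none of the three conditions was flagged.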