Researchers at Eclypsium have uncovered critical security flaws in the Illumina iSeq 100 DNA gene sequencer. The device runs an outdated BIOS firmware implementation that boots in Compatibility Support Mode (CSM), without Secure Boot or standard firmware write protections. As a result, an attacker with system access can overwrite the firmware, which could disable the device entirely or install persistent malware.
The identified security gaps underscore the substantial risks associated with reusing commodity hardware and neglecting regular firmware updates. The lack of modern security measures in the iSeq 100 presents a major supply chain vulnerability. It also highlights the need for stringent security protocols and configuration management to protect devices that handle sensitive genomic data, as outlined by NIST guidelines published in 2023.