Security News > 2023 > April > CISA warns of critical bugs in Illumina DNA sequencing systems

The U.S. Cybersecurity Infrastructure Security Agency and the FDA have issued an urgent alert about two vulnerabilities that impact Illumina's Universal Copy Service, used for DNA sequencing in medical facilities and labs worldwide.

"An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product," warns a CISA advisory released yesterday.

Illumina is a California-based medical technology company that develops and manufactures advanced bioanalysis and DNA sequencing machines.

The company's devices are one of the most widely used for DNA sequencing in clinical settings, research organizations, academic institutions, biotechnology firms, and pharmaceutical companies in 140 countries.

"On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability," reads an advisory by the FDA. "Some of these instruments have a dual boot mode that allows a user to operate them in either clinical diagnostic mode or RUO mode. Devices intended for RUO are typically in a development stage and must be labeled"For Research Use Only.

CISA also recommends that users of medical devices minimize the exposure of control systems to the internet as much as possible, using firewalls to isolate them from the wider network and using VPNs when remote access is needed.

News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-bugs-in-illumina-dna-sequencing-systems/