
In separate advisories released on Thursday, the U.S. government sounded the alarm about a critical software vulnerability found in genomics giant Illumina’s DNA sequencing devices, which hackers can exploit to modify or steal patients’ sensitive medical data.

The Food and Drug Administration warned that the security flaw, tracked as CVE-2023-1968 with the maximum vulnerability severity rating of 10 out of 10, allows hackers to remotely access an affected device over the internet without needing a password. If exploited, the bug could allow hackers to compromise devices to produce incorrect or altered results, or none at all. The advisories also warn of a second vulnerability, tracked as CVE-2023-1966 with a lower severity rating of 7.4 out of 10. The bug could allow attackers to remotely upload and run malicious code at the operating system level, allowing them to alter settings and access sensitive data on the affected product.

The vulnerabilities affect Illumina’s iScan, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq and NovaSeq products. These products, used worldwide in the healthcare sector, are designed for clinical diagnostic use in sequencing a person’s DNA for various genetic conditions or research purposes.

Illumina spokesperson David McAlpine told TechCrunch that Illumina has “not received any reports indicating that a vulnerability has been exploited, nor do we have any evidence of any vulnerabilities being exploited.” McAlpine declined to say whether Illumina has the technical means to detect exploitation, or say how many devices are vulnerable to the flaws.

Illumina CEO Francis deSouza said in January that its installed base was more than 22,000 sequencers.

In a LinkedIn post, Illumina CTO Alex Aravanis said that the company discovered the vulnerability as part of routine efforts to assess its software for potential vulnerabilities and exposures. “Upon identifying this vulnerability, our team worked diligently to develop mitigations to protect our instruments and customers,” Aravanis said. “We then contacted and worked in close partnership with regulators and customers to address the issue with a simple software update at no cost, requiring little to no downtime for most.”

News of the Illumina vulnerability comes after the FDA last month announced it will require medical device makers to meet specific cybersecurity requirements when submitting an application for a new product.
