Illumina, Feds Say Genetic Testing Gear at Risk of HackingFeds Warn of Vulnerabilities Affecting Illumina's Universal Copy Service Software
Federal authorities are warning that hackers could take over genetic testing devices manufactured by Illumina, although neither the manufacturer nor the Food and Drug Administration has received reports of attacks.
The FDA said the vulnerabilities affect Illumina's proprietary Universal Copy Service software. An Illumina spokesman explains that the UCS "enables data transfer from our instruments."*
Illumina posted a list of affected devices.
In a separate Thursday alert, the Cybersecurity and Infrastructure Security Agency warned that a remote code execution bug tracked as CVE-2023-1966 allows hackers to "change settings, configurations, software, or access sensitive data."
Another, CVE-2023-1968, allows attackers to use UCS to listen on all IP addresses in a network, including those capable of accepting remote communications.
Alex Aravanis, Illumina chief technology officer, in a post Thursday on LinkedIn said that upon identifying the vulnerabilities, "our team worked diligently to develop mitigations to protect our instruments and customers."
The company is providing customers with "a simple software update at no cost, requiring little to no downtime for most" to address the issues, he said.
Besides the software updates, CISA also recommended users take "defensive measures" to minimize the risk of exploitation of these vulnerabilities.
That includes minimizing network exposure for all control system devices and ensuring they are not accessible from the internet. Should a company decide it needs remote access, it should use a virtual private network to access the devices, CISA said.
Update April 28, 2023 UTC 17:54: Illumina's provided description of what the UCS does in the company's instruments.