Jump to content

Recommended Posts

Posted

A public vulnerability disclosure warns that an attacker could remotely download files from an affected hard drive, thanks to the hard-coded default password.

 

A number of Seagate hard drives are vulnerable to data theft, thanks to an undocumented, in-built user account that could give an attacker remote access to the device.

 

"Seagate wireless hard-drives provides undocumented Telnet services accessible by using the default credentials of 'root' as username and the default password," said a public advisory posted Tuesday.

 

The vulnerability is just one of many flaws in three wireless hard drives manufactured by the company, the advisory said.

 

Other flaws included in the advisory allow an attacker to "directly download files from anywhere on the file system."

 

Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and the company's LaCie Fuel hard drives are said to be affected by the flaw.

 

The flaws, discovered by researchers at security firm Tangible Security, are said to date back as early as October 2014, affecting firmware versions 2.2.0.005 and 2.3.0.014.

 

The flaws are fixable if affected devices are updated to the latest firmware. But the hard drive manufacturer didn't escape a jab from respected security researcher Kenn White, who criticized the company in a tweet on Sunday.

 

"People don't expect DOD-level security but, Seagate, please stop adding hidden hardcoded root logins to hard drives," White wrote.

 

Seagate did not respond to comment at the time of writing.

 

 

Source:

http://www.zdnet.com/article/seagate-hard-drives-open-to-hackers-thanks-to-hard-coded-password/#ftag=RSSbaffb68

76c90dd0e79a714317a8daeecc1584d2.png

Posted
It is only external wireless connected drives. Hard wired and internal drives are not affected it would seem as those should normally be protected by the connected computers firewall and maybe other antimalware installed I would think.
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...