starbuck Posted September 7, 2015 Posted September 7, 2015 A public vulnerability disclosure warns that an attacker could remotely download files from an affected hard drive, thanks to the hard-coded default password. A number of Seagate hard drives are vulnerable to data theft, thanks to an undocumented, in-built user account that could give an attacker remote access to the device. "Seagate wireless hard-drives provides undocumented Telnet services accessible by using the default credentials of 'root' as username and the default password," said a public advisory posted Tuesday. The vulnerability is just one of many flaws in three wireless hard drives manufactured by the company, the advisory said. Other flaws included in the advisory allow an attacker to "directly download files from anywhere on the file system." Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and the company's LaCie Fuel hard drives are said to be affected by the flaw. The flaws, discovered by researchers at security firm Tangible Security, are said to date back as early as October 2014, affecting firmware versions 2.2.0.005 and 2.3.0.014. The flaws are fixable if affected devices are updated to the latest firmware. But the hard drive manufacturer didn't escape a jab from respected security researcher Kenn White, who criticized the company in a tweet on Sunday. "People don't expect DOD-level security but, Seagate, please stop adding hidden hardcoded root logins to hard drives," White wrote. Seagate did not respond to comment at the time of writing. Source: http://www.zdnet.com/article/seagate-hard-drives-open-to-hackers-thanks-to-hard-coded-password/#ftag=RSSbaffb68 Quote
FPCH Admin allheart55 Cindy E Posted September 7, 2015 FPCH Admin Posted September 7, 2015 I'm glad that I don't use any Seagate drives. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
FPCH Admin AWS Posted September 8, 2015 FPCH Admin Posted September 8, 2015 I also haven't used Seagate drives in years. At one time they were all I used. Quote Off Topic Forum - Unlike the Rest
Plastic Nev Posted September 8, 2015 Posted September 8, 2015 It is only external wireless connected drives. Hard wired and internal drives are not affected it would seem as those should normally be protected by the connected computers firewall and maybe other antimalware installed I would think. Quote
Recommended Posts