Seagate issues fix for wireless hard drive backdoor vulnerability
Nice Seagate wireless hard drive you have there. All three have been properly disclosed to the company and have now been fixed through the release of firmware updates.
How to fix Seagate wireless hard drive security flaws?
Seagate wireless hard drives ship with undocumented Telnet services, making the disk accessible with a hard-coded password, reports CERT. One of the vulnerabilities, if exploited, gives an attacker with wireless access to the device the ability to download files without restriction.
The communication protocol lets the user access devices through either a wired or a wireless connection, but it does naturally require a correct username and password.
Researchers from Tangible Security discovered the vulnerability and informed Seagate of the problem.
If an attacker were to use this flaw, they could take control of your external hard drive, grab files from it, and even use the device to launch malicious attacks against others, according to Tangible.
The vulnerabilities primarily affect owners of Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie Fuel devices purchased since October 2014.
The flaws are fixable if affected devices are updated to the latest firmware.
A recently discovered vulnerability reportedly puts quite a few Seagate hard drives at risk of data theft. The vulnerability is described as an undocumented built-in user account which could allow an attacker to gain remote access to the device.
FireEye’s security product was apparently hacked by Los Angeles-based researcher Kristian Erik Hermansen, who revealed on Twitter that he had found “at least four” security flaws in the company’s core product. This means that only Seagate can offer a comprehensive list of all named products that are affected. That will locate the firmware you need. At minimum, the above-mentioned vulnerabilities are present in firmware versions 2.2.0.005 and 2.3.0.014, though they could exist in other firmware versions.