If you’re using a Seagate external hard drive, you may want to be aware of both the security risks present on the drive as well as the patch that was just released to fix the vulnerability.
A series of vulnerabilities primarily affect owners of Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie Fuel devices purchased since October 2014.
Tangible Security, the firm that discovered the flaws, has stated that other Seagate products may be affected as well.
The worst flaw is thanks to a hard-coded username and password that gives an attacker access to an undocumented Telnet service. Telnet is a command line method of logging into one computer from another over the Internet or a local network.
The vulnerability allows potential hackers to take control of your external hard drive, grab files from it, and even use the device to launch malicious attacks against others, according to Tangible. Even worse, that hard-coded login is ‘root’ for both the username and password.
Which isn’t a good thing.
An additional flaw allows an attacker unrestricted file download capability when in range of the device’s wireless network. Finally, the third flaw could allow an attacker to upload any file they want to a vulnerable device, including malicious files that could compromise other machines the hard drive is connected to. That last flaw would require someone to open the malicious file first, however.
The good news is that anyone running a wireless Seagate device with firmware versions 2.2.0.005 or 2.3.0.014 can download a patch directly from Seagate that upgrades you to firmware version 3.4.1.105. The firmware version can be found by going to the Seagate Download Finder website, entering your serial number and seeing if the firmware update is available for your device.
If you’ve seen this issue on your end, please let us know.
Via Macworld, Engadget and Seagate Download Finder