Security

Seagate Hard Drives Shipped With Security Flaw

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Follow on:

Wireless hard drives from Seagate vulnerable to attack due to default password vulnerability, researchers discover

A security vulnerability has been found on Seagate wireless hard drives that could hand attackers root access to the device just by entering a default username and password.

The flaw, which affects Seagate Wireless Mobile storage, Wireless Plus Mobile Storage and LaCie FUEL drives manufactured from last October onwards, is cracked open by using ‘root’ as both the username and password.

Telnet access

“Seagate wireless hard-drives provides undocumented Telnet services accessible by using theonline security default credentials of ‘root’ as username and the default password,” explained the CERT.org researchers.

“A remote unauthenticated attacker may access arbitrary files on the hard drive, or gain root access to the device.”

In a statement to media, Seagate said: “Seagate was made aware of vulnerabilities in its consumer based wireless hard drives. Seagate has patched the vulnerabilities and issued a firmware update that is available to customers on Seagate.com and through a link on the CERT notification. The firmware update addresses all security concerns with these vulnerabilities.”

Affected users are being urged to update their hard drives as soon as possible with firmware 3.4.1.105.

Earlier this week, security researchers uncovered flaws in a number of leading security products including those from Kaspersky and FireEye.

The affected products involve zero-day vulnerabilities that put users’ private data at risk, reported the IBTimes.

FireEye’s security product was apparently hacked by Los Angeles-based researcher Kristian Erik Hermansen, who revealed on Twitter that he had found ‘at least four’ security flaws in the company’s core product.

Hermansen said that he has sat on one of the flaws for more than 18 months without a fix from FireEye.

“Why would you trust these people to have this device on your network,” said Hermansen when he disclosed the vulnerabilities on Pastebin and Exploit-DB.