A security vulnerability has been found on Seagate wireless hard drives that could hand attackers root access to the device just by entering a default username and password.
The flaw, which affects Seagate Wireless Mobile storage, Wireless Plus Mobile Storage and LaCie FUEL drives manufactured from last October onwards, is cracked open by using ‘root’ as both the username and password.
“Seagate wireless hard-drives provides undocumented Telnet services accessible by using the
“A remote unauthenticated attacker may access arbitrary files on the hard drive, or gain root access to the device.”
In a statement to media, Seagate said: “Seagate was made aware of vulnerabilities in its consumer based wireless hard drives. Seagate has patched the vulnerabilities and issued a firmware update that is available to customers on Seagate.com and through a link on the CERT notification. The firmware update addresses all security concerns with these vulnerabilities.”
Affected users are being urged to update their hard drives as soon as possible with firmware 3.4.1.105.
Earlier this week, security researchers uncovered flaws in a number of leading security products including those from Kaspersky and FireEye.
The affected products involve zero-day vulnerabilities that put users’ private data at risk, reported the IBTimes.
FireEye’s security product was apparently hacked by Los Angeles-based researcher Kristian Erik Hermansen, who revealed on Twitter that he had found ‘at least four’ security flaws in the company’s core product.
Hermansen said that he has sat on one of the flaws for more than 18 months without a fix from FireEye.
“Why would you trust these people to have this device on your network,” said Hermansen when he disclosed the vulnerabilities on Pastebin and Exploit-DB.
AI push sees Alphabet's Google saying it will consolidate its AI teams in its Research…
Beijing orders Apple to pull Meta's WhatsApp and Threads from its Chinese App Store over…
Key milestone sees Intel Foundry assemble ASML's new “High NA EUV” lithography tool, to begin…
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…