Have a Seagate wireless hard drive? You've got all the reasons to worry about. Seagate wireless hard drives ship with undocumented Telnet services, making the disk accessible with a hard-coded password, reports CERT. One of the vulnerabilities, if exploited, allows an attacker with wireless access to the device with the capability to download unrestricted file. Another vulnerability found in the device lets an attacker upload anything into the device's file-sharing directory. Seagate has issued a firmware update to patch the vulnerabilities.
The majority of the work done by the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University is focused on government and national security efforts. The CERT team reported three flaws in the wireless hard drives. The flaws allow anyone to easily bypass the default firewall with the username and password "root." Once exploited, one can access content available on the hard drive, as well as upload malware to it. Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie Fuel hard drives are said to be affected.
The sad news is that the credentials are hard-coded into the device, making it impossible for one to tweak the settings and block potential unauthorised access. Seagate has made available a firmware update dubbed 3.4.1.105 that, as it noted, addesses all the aforementioned security concerns. The company also advises users to check Download Finder regularly to see if there is a new firmware update available, and install it, if there is.
Fortunately, there isn't any public exploit of these vulnerabilities, noted security firm Tangible Security. It further added, "However, due to the categorisation of these vulnerabilities, it may be reasonable to believe that cybercriminals are doing so."
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.