(Before It's News)
Several of Seagate’s third-generation wireless hard drives have a secret backdoor for hackers that puts users’ data at risk.
A recent study by security researchers at the firm Tangible Security disclosed “undocumented Telnet services” with a hard-coded password in Seagate wireless hard drives.
The secret Telnet vulnerability (CVE-2015-2874), which involves a built-in user account (default username and password: “root”), allows an attacker to access the device remotely, leaving users’ data vulnerable to theft.
According to a public advisory from US-CERT (Computer Emergency and Response Team), multiple models of Seagate hard drives contain multiple vulnerabilities.
Affected devices are:
- Seagate Wireless Plus Mobile Storage
- Seagate Wireless Mobile Storage (Wirelessly streaming your tablet and smartphone’s data)
- LaCie FUEL (Wirelessly extending storage for iPads)
An attacker who exploits this can gain root access to the device and access the stored data from a remote location.
The vulnerabilities are of the following types:
- Use of Hard-coded Credentials
- Direct Request (‘Forced Browsing’)
- Unrestricted Upload of File with Dangerous Type
The Security Advisory also mentions other vulnerabilities that could allow an attacker to directly download files from anywhere on the file system.
Fortunately, there’s an easy fix. Seagate recommended that affected customers update the device firmware to version 184.108.40.206 to address these issues.
About the author
Researcher and Technical Writer at The Hacker News. An Information Security Consultant and System Auditor, a keen Security Evangelist for all forms of Cyber Security and Denotational Counter Hack Requirements of the Industry, Academia and Society.
The post Warning! Seagate Wireless Hard Drives Have a Secret Backdoor for Hackers appeared first on Middle East Post.