BeforeItsNews only exists through ads. We ask all patriots who appreciate the evil we expose and want to
help us savage the NWO with more Truth to disable your ad-blocker on our site only so we can grow and expose more evil! Funding
gives us more weapons! Thank you patriots! Oh and If you disable the Ad-blocker - on your deathbed you will receive total
consciousness. So you got that going for you...which is nice!
Several of Seagate’s 3rd generation Wireless Hard drives have a secret backdoor for hackers that puts users’ data at risk.
A Recent study done by the security researchers at Tangible Security firm disclosed an “undocumented Telnet services” with a hard-coded password in Seagate Wireless Hard Drives.
The secret Telnet Vulnerability (CVE-2015-2874) with an inbuilt user account (default username and password — “root”) allows an attacker to access the device remotely, left users data vulnerable to theft.
According to US-CERT (Computer Emergency and Response Team) public advisory, multiple models of Seagate hard drives contain multiple vulnerabilities.
Affected devices are:
Seagate Wireless Plus Mobile Storage
Seagate Wireless Mobile Storage (Wirelessly streaming your tablet and smartphone’s data)
LaCie FUEL (Wirelessly extending storage for iPads)
The violation that an attacker can activate is, they can gain root access to the device and access the stored data by sitting somewhere at a remote location.
The nature of vulnerabilities are:
Use of Hard-coded Credentials
Direct Request (‘Forced Browsing’)
Unrestricted Upload of File with Dangerous Type
The Security Advisory also mentions other vulnerabilities that could allow an attacker to directly download files from anywhere on the file system.
Fortunately, there’s an easy fix. Seagate recommended its affected customers to update the device firmware to version 3.4.1.105 to address these issues.
About the author
Researcher and Technical Writer at The Hacker News. An Information Security Consultant and System Auditor, a keen Security Evangelist for all forms of Cyber Security and Denotational Counter Hack Requirements of the Industry, Academia and Society.
Subscribe for Updates
Want more Interesting News like this? Sign up here to receive the best of ‘The Hacker News’ delivered daily straight to your inbox.