Seagate wireless hard drives security flaws could let anyone insert malware
The wireless hard drives come with a feature that let users connect the drive to the internet and have their own little cloud, whether at work, at home or even remotely. Now Seagate wireless hard drives security flaws could let anyone on the same Wifi network or from the internet to have access to the drive by simply entering the default username and password of the drive.
If a hacker has gained access to the hard drive they could do anything on it from uploading new files to downloading everything on the drive. The ability to upload could let hackers insert malware into the drive, which could result in infecting the connected system.
The public advisory said in a statement:
“Seagate wireless hard drives provide undocumented Telnet services accessible by using the default credentials of ‘root’ as username and the default password.”
They also mentioned some other security flaws which let an attacker directly download files from anywhere on the file system.
The hard drives that are affected by Seagate wireless hard drives security flaws include, Seagate Wireless Mobile Storage, Wireless Plus Mobile Storage and the LaCie Fuel hard drives. These security flaws have been found by Tangible Security, a security firm. The flaws are said to date back to October 2014, which affect firmware versions 2.2.0.005 and 2.3.0.014.
How to fix Seagate wireless hard drives security flaws?
If you are one of the affected users of Seagate wireless hard drives security flaws, then there is an easy fix for you. To patch these security vulnerabilities, you only need to update the affected devices to the latest firmware.
The security researcher Kenn White criticized the company and tweeted:
“People don’t expect DOD-level security but, Seagate, please stop adding hidden hardcoded root logins to hard drives,” White wrote.