Advertisement

Root password flaw leaves wireless Seagate drives open to attack

Own a wireless hard drive? Was it made by Seagate? You'll want to download an update. Researchers at Tangible security have discovered a vulnerability in certain Seagate wireless drives that could give unauthorized users root access to the device. The flaw? A default username and password that activates undocumented Telnet services. It's a terrifyingly simple vulnerability. Luckily, the fix is almost as simple -- all you have to do is patch your drive's firmware.

Security researchers say the vulnerability can be found in Seagate Wireless Mobile storage, Wireless Plus Mobile Storage and LaCie FUEL drives dating back to last October, but warns that other drives may be affected as well. The report also highlights two other possible attacks that exploit the firmware's file-sharing protocols. Seagate has already tested and confirmed the flaws, and issued firmware update 3.4.1.105 as a fix. Have a Seagate drive? Why are you still readying this? Click here and update, already.