Root password flaw leaves wireless Seagate drives open to attack

Sponsored Links

Sean Buckley
September 7, 2015 10:00 PM
Root password flaw leaves wireless Seagate drives open to attack

Own a wireless hard drive? Was it made by Seagate? You'll want to download an update. Researchers at Tangible security have discovered a vulnerability in certain Seagate wireless drives that could give unauthorized users root access to the device. The flaw? A default username and password that activates undocumented Telnet services. It's a terrifyingly simple vulnerability. Luckily, the fix is almost as simple -- all you have to do is patch your drive's firmware.

Security researchers say the vulnerability can be found in Seagate Wireless Mobile storage, Wireless Plus Mobile Storage and LaCie FUEL drives dating back to last October, but warns that other drives may be affected as well. The report also highlights two other possible attacks that exploit the firmware's file-sharing protocols. Seagate has already tested and confirmed the flaws, and issued firmware update 3.4.1.105 as a fix. Have a Seagate drive? Why are you still readying this? Click here and update, already.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget