Possible Backdoor Discovered In Seagate Wireless NAS Drives
If you have a Seagate Wireless NAS drive, I’d strongly suggest updating your firmware right away. As in drop everything that you’re doing and do it now. Why do I sound so melodramatic? Here’s why via Betanews:
An undocumented Telnet feature could be used to gain control of the device by using the username ‘root’ and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others.
The security issues are confirmed to exist with firmware versions 2.2.0.005 to 2.3.0.014. The problems were discovered way back in March, but a patch has only recently been published, along with an advisory notice from US CERT.
That’s an epic fail on a variety of levels. Anyone with an affected device is advised to update to firmware version 3.4.1.105, which addresses the issue. But I have to ask, who wrote the code for this? What explanation do they have for inserting such features in a supposedly secure storage device? It may have been left in for debugging purposes, which would imply that Seagate’s QA department, who would be responsible for catching this, really dropped the ball. Thus it would be incompetence at work. However, in the age of Edward Snowden, you cannot help wondering if there is something sinister at work. Either way, Seagate has some explaining to do so that they can regain the trust of their user base.
This entry was posted on September 8, 2015 at 1:15 pm and is filed under Commentary with tags Seagate, Security.