Seagate Reports Wireless Storage Vulnerability
Posted by: Timothy Weaver on 09/10/2015 08:51 AM
[
Comments
]
Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie Fuel devices purchased since October 2014 are all susceptible to hacking.
Seagate has already issued a patch for the problem, but it may not be the end of problems. The firm that first discovered the flaw says other Seagate products may also be affected.
Tangible Security said: “With products from large vendors such as Seagate, there tend to be numerous product names for basically the same product under the same vendor’s name or another vendor. Tangible Security cannot enumerate all of the named products as well as Seagate. Other named products may be affected.”
Hard-coded username and password are the most serious flaw. It would allow a hacker to take control of your external hard drive, grab files from it, and even use the device to launch malicious attacks against others.
There is a second flaw affecting the devices. When in range of the device’s wireless network, this flaw would allow a hacker unrestricted file download capability. And finally, the third flaw would allow a hacker to upload a malicious file to any device connected to the network.
Anyone running a wireless Seagate device with firmware versions 2.2.0.005 or 2.3.0.014 can download a patch directly from Seagate that upgrades you to firmware version 3.4.1.105. If you’re not sure if your drive is affected, go to Seagate’s Download Finder, enter your serial number, and see if an update is available for your device.
Source: PCWorld
Seagate has already issued a patch for the problem, but it may not be the end of problems. The firm that first discovered the flaw says other Seagate products may also be affected.Tangible Security said: “With products from large vendors such as Seagate, there tend to be numerous product names for basically the same product under the same vendor’s name or another vendor. Tangible Security cannot enumerate all of the named products as well as Seagate. Other named products may be affected.”
Hard-coded username and password are the most serious flaw. It would allow a hacker to take control of your external hard drive, grab files from it, and even use the device to launch malicious attacks against others.
There is a second flaw affecting the devices. When in range of the device’s wireless network, this flaw would allow a hacker unrestricted file download capability. And finally, the third flaw would allow a hacker to upload a malicious file to any device connected to the network.
Anyone running a wireless Seagate device with firmware versions 2.2.0.005 or 2.3.0.014 can download a patch directly from Seagate that upgrades you to firmware version 3.4.1.105. If you’re not sure if your drive is affected, go to Seagate’s Download Finder, enter your serial number, and see if an update is available for your device.
Source: PCWorld
Comments
