Tangible Security has found that Seagate hard drives have a huge security flaw for those who work with a wireless network that needs to be urgently fixed. It’s quite rare when big brand names slack on their security measures, but Seagate has apparently overlooked a very old communication protocol that still could be used.
Telnet is the particular gateway for hackers to get access to wireless NAS (Network Attached Storage) produced by the company, which due to its unpopularity in today’s modern technology, has fallen away from their attention. However, certain routers, wireless equipment and servers still use Telnet, and that could spell disaster for Seagate customers.
The communication protocol enables the user to access devices whether through a wired or a wireless connection, but it does naturally require a password and correct username. However, the hardware’s default credentials are so easily found that it makes it child’s play for hackers, or virtually anyone, to gain access into your NAS.
According to researchers, anyone can access the wireless-enabled Seagate hard drive by simply using “‘root’ as the username and the default password”. It will give the attacker full access, as if the drive was theirs to begin with, which can affect the user in multiple ways. Two other vulnerabilities have been found that will further damage the integrity of the device.
One of them is the hardware’s web app, which has a highly vulnerable security system that is little but an open door to hackers, who may download all your files from a remote device. The second vulnerability allows potential attackers to upload files on your storage, such as malware that could further spread the virus to your computer.
The vulnerabilities have been reported to Seagate back in March, but the company is only now addressing the issue and released a new patch for their NAS devices that were found with such gaping flaws in their system. Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL, have all received firmware updates that are available to download on their official website.
According to Seagate, “all security concerns with these vulnerabilities” have been fixed, and users have nothing to worry about any longer, as long as they have the 22.214.171.124 update installed on their devices. It’s quite a mistake to make for such a big brand, so Tangible Security will be reportedly looking into other models.
The security analysts warn that each device of the same brand commonly follows a similar pattern, which might mean that other products may present the same weaknesses.
Image source: mashable.com