Slashdot Mirror

← Back to Stories (view on slashdot.org)

Backdoor Discovered Into Seagate NAS Drives

Posted by samzenpus on from the protect-ya-neck dept.

Mark Wilson writes: If you have not recently updated the firmware for your Seagate wireless NAS drives, now is the time to do so. Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings. An undocumented Telnet feature could be used to gain control of the device by using the username 'root' and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others. The security issues are confirmed to exist with firmware versions 2.2.0.005 to 2.3.0.014.

3 of 121 comments (clear)

  1. My gosh by execthis · · Score: 4, Funny

    My gosh, you would think in this day and age that firmware developers would know better than this. Hard-coded telnet passwords? Seriously?

  2. Telnet?! by maugle · · Score: 4, Funny

    Seriously, who uses telnet instead of ssh in this day and age? I think we're at the point where including telnet - even optionally - in any Internet-facing device should be classified as a malicious act.

  3. Hilarious extract from website by Tokolosh · · Score: 3, Funny

    From CERT website, with prominent NSA logo (https://www.kb.cert.org/vuls/id/903500):

    "Tangible Security would also like to publically thank Seagate for their cooperation and desire to make their products and customers more secure."

    --
    Prove anything by multiplying Huge Number times Tiny Number