Slashdot Mirror

← Back to Stories (view on slashdot.org)

Backdoor Discovered Into Seagate NAS Drives

Posted by samzenpus on from the protect-ya-neck dept.

Mark Wilson writes: If you have not recently updated the firmware for your Seagate wireless NAS drives, now is the time to do so. Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings. An undocumented Telnet feature could be used to gain control of the device by using the username 'root' and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others. The security issues are confirmed to exist with firmware versions 2.2.0.005 to 2.3.0.014.

4 of 121 comments (clear)

  1. Backdoor Discovered Into Seagate NAS Drives by nickweller · · Score: 4, Interesting

    Who wrote the code. What explanation do they have for inserting such features in a supposedly secure storage device. Is there a more sinister explanation for this?

  2. Mix-match vendors and layer your security by rtkluttz · · Score: 3, Interesting

    Its pretty much come down to the fact that all corporations are working against the consumers. The best we can hope for is to mix and match vendors and layer our security and don't use cloud based shit. Use open source firewalls and control your outbound ports not just incoming ports.

    Stop trusting these dickheads people.

    --
    Digital is, by definition, imperfect. Analog is the way to go.
  3. Re:My gosh by Antique+Geekmeister · · Score: 1, Interesting

    Adding encryption means you can't export them to "non-approved" countries, and raises a great number of hoops to be able to export the product at all..

                        https://en.wikipedia.org/wiki/...

    Also, encryption algorithms take more space in the very limited space on firmware and small controller chipsets.

  4. Re:Yet another reason not to buy Seagate... by Anonymous Coward · · Score: 2, Interesting

    If you're serious about network storage, you build a FreeNAS server with server parts including ECC RAM and multiple NICs teamed together. You fill it up with WD Red Pro drives or another drive that has appropriate TLER settings for NAS usage. You also plug it into a decent UPS ($300+ true sine wave unit).

    In no universe are Synology, QNAP or Drobo anything more than consumer toys.