Slashdot Mirror


Backdoor Discovered Into Seagate NAS Drives

Mark Wilson writes: If you have not recently updated the firmware for your Seagate wireless NAS drives, now is the time to do so. Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings. An undocumented Telnet feature could be used to gain control of the device by using the username 'root' and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others. The security issues are confirmed to exist with firmware versions 2.2.0.005 to 2.3.0.014.


  1. Backdoor Discovered Into Seagate NAS Drives by nickweller · · Score: 4, Interesting

    Who wrote the code? What explanation do they have for inserting such features in a supposedly secure storage device? Is there a more sinister explanation for this?

    1. Re:Backdoor Discovered Into Seagate NAS Drives by AmiMoJo · · Score: 4, Informative

      As much as I love a good NSA/GCHQ conspiracy theory, I think this one is most likely just incompetence. Their NAS boxes run Linux, and telnet is really useful for debugging headless machines during development. Someone either forgot to turn it off before shipping or just assumed that because they changed the default port no-one would find it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Let me guess by Anonymous Coward · · Score: 4, Informative

    Closed-source firmware?

  3. My gosh by execthis · · Score: 4, Funny

    My gosh, you would think in this day and age that firmware developers would know better than this. Hard-coded telnet passwords? Seriously?

  4. Telnet?! by maugle · · Score: 4, Funny

    Seriously, who uses telnet instead of ssh in this day and age? I think we're at the point where including telnet - even optionally - in any Internet-facing device should be classified as a malicious act.

  5. Wrong response by Anonymous Coward · · Score: 5, Informative

    When a company's firmware is backdoored, you don't just download the patch and hope they won't do it again. You buy from somewhere else.

  6. Yet another reason not to buy Seagate... by Drakonblayde · · Score: 5, Insightful

    On the other hand, anyone who expects a hard drive in a cheap enclosure that offers network services to have a focus on security is a little whacko. If you're serious about network storage, you buy bare drives and put them in something like a Synology, QNAP, or Drobo. I stopped buying external drives with embedded software that I couldn't wipe a while ago. Right now, the only external drives I use are WD Elements because they provide what I'm looking for in an external drive - storage on a USB cable and nothing else.

  7. Not a backdoor by javispedro · · Score: 5, Informative

    This is not a backdoor.
    • It is not undocumented. It uses Arago, an actually open GNU/Linux distribution as firmware (so it is more open source than your average android device!), and the ability to root it via telnet has been available since day 1, with a widely known password.
    • It is not remote, since to access it you need to join the NAS WLAN, and for that you need the passphrase created by the user. If you've managed to guess the passphrase/break that layer, then you've already crossed the airtight hatchway: at that point you can already view all the files on the disk, install adware, viruses, etc.
    • This was being used by plenty of people to install custom Linux distributions such as Debian or Arch on relatively inexpensive hardware. There's even a user-focused distribution for the device.

    Basically, another group of security ``researchers'' (use of quotes intentional) manage to force a company making a relatively open embedded product to close it down for tinkerers, while not improving the security of the product at all.

    I hate this world.