It has been revealed that a large number of Seagate hard drives are potentially open to attackers, thanks to a vulnerability exposed by CERT. The recent discovery detailed on CERT.org states that hidden, “undocumented Telnet services” are accessible, using a built-in user account on select Seagate drives, allowing remote access to the hard drive's contents without permission.
The public advisory states that this is only one of the many flaws found in three hard drive models manufactured by Seagate, however the most notable giving hackers potential access to data stored on the drive. The vulnerability is caused by a hard-coded account that comes on the wireless drives, and offers remote access by “using the default credentials of 'root' as username and the default password.”
The issues outed make it possible to download and upload directly into the wireless hard disk’s file system, leading to a high chance of data theft, and spread of malware.
Currently, the issue only affects Seagate’s Wireless Mobile Storage, Wireless Plus Mobile Storage and LaCie Fuel drives, running older firmware. Since these flaws have been discovered, Seagate has ensured that the newest firmware release has patched this vulnerability. If you are running firmware versions 2.2.0.005 to 2.3.0.014, these issues are present, and it is critical that you update as soon as possible. The newest firmware as of today, version 22.214.171.124, can be downloaded via the Seagate Download Finder.
This is yet another sign of increasing troubles for Seagate, after reliability tests brought to light the high failure rates many of their drives encountered. While this, and the latest security issues may look bad for Seagate, consumers are still undeterred, as seen from the recent growth of the company, and an increase in sales over the past years.