Seagate wireless hard drives open wide to attack

Several Seagate wireless hard-drives have been found to be affected by multiple vulnerabilities, the CERT Coordination Center of the Software Engineering Institute at Carnegie Mellon University warns.

The first one allows an attacker to access undocumented Telnet services by using root as both username and password. The second one allows an attacker to download files stored in the device. The third one allows him (or her) to upload files onto the device, and if they are malicious, they could end up compromising other endpoints when opened.

An attacker that wishes to exploit these bugs must be within range of the devices wireless network.

Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL with firmware versions 2.2.0.005 and 2.3.0.014 have been confirmed to be affected, and its possible that other products might be vulnerable, as well.

Seagate has released firmware (v3.4.1.105) to plug the holes, and users are advised to update it as soon as possible.

There is no evidence that attackers have been exploiting the holes in attacks in the wild