Files on Seagate wireless disks can be poisoned, purloined – thanks to hidden login

Found on The Register on Monday, 07 September 2015

CERT.org has reported Seagate wireless hard drives include “undocumented Telnet services” accessible with a hard-coded password. This allows “unrestricted file download capability to anonymous attackers with wireless access to the device.”

The three flaws present in the device mean that anyone on your network – or who can reach it from the outside – armed with the default password of "root" and enough savvy to try the username “root” can download the entire contents of the Seagate devices, then upload malware into them.

That's why you want dumb devices. With all that zeroconf hardware that just "magically works" you add extra security issues to your network; and not all the issues are even known yet.

Browse all articles« Previous « » Next »