Seagate Wireless Disc Firmware Vulnerabilities Allow Download and Download Files Remotely

According to CERT.org, Seagate wireless drives open Telnet-service which can be used with the help of the password in the code. This allows attackers to download files from the drive. Another security bug allows you to remotely upload any files to the default directory used for sharing.

Vulnerabilities are Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, LaCie FUEL devices. It is reported that security errors are contained in the device firmware versions from 2.2.0.005 to 2.3.0.014, released before October 2014, but other versions of Seagate firmware may also be vulnerable.
')
Seagate wireless drives are used to facilitate access to content from different devices, usually within an apartment or house. In addition, some small companies use such devices as small file servers, writes The Register.

The discovered vulnerabilities allow attackers who are within range of the device to use the “default” combination of the password and the “root / root” login to connect to it remotely. As a result, it is possible to download the entire contents of the drive or upload a backdoor to it, for example, by changing the executable file or document.

Seagate has released a new firmware version ( 3.4.1.105 , you can download the firmware for a specific device on a special page ).

Firmware of various devices are increasingly becoming targets of hackers - not so long ago, the media wrote about exposing a cyber-spy group called Equation Group, whose members, among other things, created tools that can replace the firmware of disks.

Also during the International Forum Positive Hack Days, held in Moscow, a competition was held for the reverse development of unusual firmware Best Reverser - an analysis of its tasks can be found in our material .