Three severe vulnerabilities have been found in the firmware of three Seagate wireless hard drives product lines. All three have been properly disclosed to the company and have been now fixed through the release of firmware updates.
The three affected
Seagate hard drives device lines are
LaCie FUEL,
Seagate Wireless Mobile Storage, and
Seagate Wireless Plus Mobile Storage.
Responsible for discovering the vulnerabilities are Mike Baucom, Allen Harper, and J. Rach, all security researchers for
Tangible Security.
Hard-coded credentials are to blame
The first security vulnerability (CVE-2015-2874) is an issue relating to the hard drive's design.
In default configurations, the same default admin password used to configure the device, can also be used via Telnet, together with the root username.
