Seagate fixes the problems through a firmware update

Sep 7, 2015 21:11 GMT

Three severe vulnerabilities have been found in the firmware of three Seagate wireless hard drive product lines. All three have been properly disclosed to the company and have now been fixed through the release of firmware updates.

The three affected hard drive product lines are LaCie FUEL, Seagate Wireless Mobile Storage, and Seagate Wireless Plus Mobile Storage.

Responsible for discovering the vulnerabilities are Mike Baucom, Allen Harper, and J. Rach, all security researchers for Tangible Security.

Hard-coded credentials are to blame

The first security vulnerability (CVE-2015-2874) is an issue relating to the hard drive's design.

In default configurations, the same default admin password used to configure the device can also be used via Telnet, together with the root username.

This allows any malicious user to gain access to the Telnet root account and subsequently get control over the hard drive itself, along with all the files stored inside it.

The second and third vulnerabilities (CVE-2015-2875, CVE-2015-2876) can also be exploited when the hard drive uses its default configuration.

When the attacker is in the hard drive's wireless range, these vulnerabilities can be exploited to provide unrestricted download and upload capabilities to the device.

Firmware updates have been released to fix the issues

The security researchers who discovered these bugs confirm that firmware versions between 2.2.0.005 and 2.3.0.014 are affected. Samsung's 3.4.1.105 firmware update should fix the reported problems.
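For anyone checking a fleet of these drives against the version numbers above, the following is an added example (not from the article, the researchers, or the vendor) that sorts reported firmware strings into affected, fixed, or unconfirmed. The device names and inventory are constructed, and treating versions newer than 3.4.1.105 as fixed is an assumption.

```python
import re

# Version numbers taken from the article.
AFFECTED_MIN = (2, 2, 0, 5)    # 2.2.0.005
AFFECTED_MAX = (2, 3, 0, 14)   # 2.3.0.014
FIXED = (3, 4, 1, 105)         # 3.4.1.105

_VERSION_RE = re.compile(r"\d+(\.\d+){3}")


def parse_version(text):
    """Turn '2.3.0.014' into (2, 3, 0, 14); return None if malformed."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    # int() drops the zero padding, so '014' compares as 14.
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'affected', 'fixed', 'unconfirmed' or 'unparseable'."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version >= FIXED:
        # Assumption: releases after the fixed version keep the fix.
        return "fixed"
    # Outside the confirmed range but older than the fix: the article
    # makes no claim either way, so do not report these as safe.
    return "unconfirmed"


def audit(inventory):
    """Map each device name to its status for (name, firmware) pairs."""
    return {name: classify(firmware) for name, firmware in inventory}


# Constructed sample inventory; names and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("drive-a", "2.2.0.005"),
    ("drive-b", "2.3.0.014"),
    ("drive-c", "2.3.0.015"),
    ("drive-d", "3.4.1.105"),
    ("drive-e", "unknown"),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Drives reported as unconfirmed or unparseable should be updated or inspected by hand rather than assumed safe.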

This is not the first time that hard-coded credentials have caused problems. Just two weeks ago, we reported on a case which allowed attackers to hijack five types of DSL, SOHO (small office / home office) WiFi routers.

Hard-coded credentials aren't a problem, in general, since they are needed to configure most wireless devices in the first place. As in most cases, problems arise when these hard-coded credentials are reused via Telnet connections.