Do you have a Seagate WiFi disk drive? You may have a problem!

[skp51443]

It looks like Seagate left a few backdoors open that you really want to close ASAP. New firmware is available from the drive menu.

 

http://www.theregister.co.uk/2015/09/07/files_on_seagate_wireless_disks_can_be_poisoned_purloined

 

<<snip>>

 

CERT.org has reported Seagate wireless hard drives include “undocumented Telnet services” accessible with a hard-coded password. This allows “unrestricted file download capability to anonymous attackers with wireless access to the device.”

And another flaw makes it possible to upload anything into the devices' default file-sharing directory.

The wireless hard drives pack a hard disk and Wi-Fi controller into a small package. Seagate markets the products as a great way for several portable handheld devices to access content, most often in a home environment. The devices are, however, effectively a small network-attached storage device: there's every chance more than a few are doing duty as a de facto file server in very small businesses.

The three flaws present in the device mean that anyone on your network – or can reach it from the outside – armed with the default password of "root" and enough savvy to try the username “root” can download the entire contents of the Seagate devices, then upload malware into them.