Skip to content

Files on Seagate wireless disks can be poisoned, purloined – thanks to hidden login

07/09/2015 has reported Seagate wireless hard drives include “undocumented Telnet services” accessible with a hard-coded password. This allows “unrestricted file download capability to anonymous attackers with wireless access to the device.”

And another flaw makes it possible to upload anything into the devices’ default file-sharing directory.

The wireless hard drives pack a hard disk and Wi-Fi controller into a small package. Seagate markets the products as a great way for several portable hand-held devices to access content, most often in a home environment. The devices are, however, effectively a small network-attached storage device: there’s every chance more than a few are doing duty as a de facto file server in very small businesses.

The three flaws present in the device mean that anyone on your network – or who can reach it from the outside – armed with the default password of “root” and enough savvy to try the username “root” can download the entire contents of the Seagate devices, then upload malware into them.


Are you kidding me?

User = root

Secret password = root.

Seriously… like seriously!

One Comment
  1. Reblogged this on TheFlippinTruth.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: