Hard-coded login leaves Seagate wireless hard drives wide open
by from Techreport on (#KT46)
Nice Seagate wireless hard drive you have there. Shame if anybody on your network had full access to it. Unfortunately, that's exactly what can happen, thanks to vulnerabilities found in some models of the company's external hard drives. A CERT report details the problem, which affects Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and Seagate-powered LaCie Fuel drives.
First and foremost, these drives have "undocumented Telnet services" enabled by default, which can be accessed with the "root" username and a default password. That's enough for anyone on the same network as the drives to ...