Warning! Seagate Wireless Hard Drives Have a Secret Backdoor for Hackers by Khyati Jain.
From the post:
Several of Seagate’s 3rd generation Wireless Hard drives have a secret backdoor for hackers that puts users’ data at risk.
A Recent study done by the security researchers at Tangible Security firm disclosed an “undocumented Telnet services” with a hard-coded password in Seagate Wireless Hard Drives.
The secret Telnet Vulnerability (CVE-2015-2874) with an inbuilt user account (default username and password — “root”) allows an attacker to access the device remotely, left users data vulnerable to theft.
…
But wait! There is an easy fix!
Fortunately, there’s an easy fix. Seagate recommended its affected customers to update the device firmware to version 3.4.1.105 to address these issues.
Oh, yeah, but what about all those Seagate Wireless Hard Drives that are already in the supply chain?
FYI: It need not say “Seagate” on the outside to be a vulnerable Seagate product.
Imagine if Ford brake recalls (so far in 2015) offered you a free brake repair kit you could order online. The cost of installation being place on you.
I wonder how well that would go over?
Shifting repair costs and obligations to end users has proven to be a highly ineffectual way of maintaining software security.
I don’t have a magic solution but continuing the current model and expecting different results is madness.