Why? According to CERT.org “Seagate wireless hard-drives provide undocumented Telnet services accessible by using the default credentials of ‘root’ as username and the default password.” But that’s only one flaw, there are two more:
“Under a default configuration, Seagate wireless hard-drives provides an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the filesystem.”
“Under a default configuration, Seagate wireless hard-drives provides a file upload capability to anonymous attackers with wireless access to the device’s /media/sda2 filesystem. This filesystem is reserved for the file-sharing.“
Yes, that’s just as horrible as it sounds. Because once some evil cybercriminal actually uses these vulnerabilities, all of the content available on the hard drive can be accessed and the drive can even be ‘gifted’ with some malware.
Apparently the devices primarily affected are the Seagate Wireless Plus Mobile Storage, the Seagate Wireless Mobile Storage, and the LaCie Fuel.
There is some good news though: Seagate already released a firmware (firmware 18.104.22.168) in order to address the issues on their drives. All you have to do in order to stay safe is to download it from the Seagate website (and install it of course). So – what are you waiting for?