If you use wireless hard drives, then this article could mean the difference between protecting your data and losing precious information.
It has been announced that there are security issues with a number of Seagate and LaCie wireless hard drives, with the result being that hackers could gain access to business data.
Which products and versions are affected?
The issues which have been flagged up cover:
- LaCie FUEL
- Seagate Wireless Plus Mobile Storage
- Seagate Wireless Mobile Storage
With regards to firmware, it’s 2.2.0.005 and 2.3.0.014 which are being reported to have the most critical vulnerabilities but there are other versions which could also be affected. If you aren’t sure whether you need to take action, load up your Seagate Wireless Plus menu in the browser, click ‘Settings’ and then ‘About’, choose the relevant option.
The details of the announcement
CERT has published the issues and vulnerabilities in an official announcement summary:
- CWE-798: Use of Hard-coded Credentials; CVE-2015-2874
Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of ‘root’ as username and the default password.
- CWE-425: Direct Request (‘Forced Browsing’); CVE-2015-2875
Under a default configuration, some Seagate wireless storage products provides an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the filesystem.
- CWE-434: Unrestricted Upload of File with Dangerous Type; CVE-2015-2876
Under a default configuration, some Seagate wireless storage products provides a file upload capability to anonymous attackers with wireless access to the device’s /media/sda2 filesystem. This filesystem is reserved for file-sharing.
Take action if you are affected
If you use any of the affected wireless hard drives and in addition your firmware version is flagged up as being a critical concern, don’t take the announcement lightly. When vulnerabilities are uncovered by hackers, they will take the opportunity to access any of the Seagate or LaCie devices. The results could be devastating for businesses as this could mean that confidential documents and strategies could be read, edited, deleted or – particularly worryingly for companies where sensitive data is central to their industry – shared online for all to see. With it now being possible by cyber criminals to steal data from a network, encrypt it and then hold it ‘hostage’ until a substantial financial payment is made for it to be accessible again, cybersecurity is an aspect of commerce which should always be uppermost in the minds of business owners.
What to do next
If you’ve now discovered you are affected, take positive action today. Visit the Seagate website to download the most up to date versions of firmware and then back up your data as a failsafe action. Even if you don’t use the wireless hard drives which have issues, backing up data is essential for business continuity should there ever be any kind of data loss issue. Leaving information vulnerable is a scenario often encountered by experts Data Recovery Specialists who also advise anyone with data which can be damaged, deleted, hacked or stolen to regularly update passwords to keep security as tight as possible.