Skip to main content
X

Send us a Topic or Tip

Have a suggestion for the blog? Perhaps a topic you'd like us to write about? If so, we'd love to hear from you! Fancy yourself a writer and have a tech tip, handy computer trick, or "how to" to share? Let us know what you'd like to contribute!

Thanks for reaching out!

Vulnerability in Seagate, LaCie Wireless External Drives Prompts Release of Patch

LaCie FUEL Wireless Hard Drive

Owners of Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL devices purchased since October 2014 will want to point a web browser to the Seagate website as soon as possible after Tangible Security identified a security vulnerability in the drives that could expose data to malicious attackers.

The LaCie FUEL drives should be of particular interest to readers of the OWC Rocket Yard Blog, as they’re offered for sale by OWC in 1TB and 2TB capacities. The drives feature their own built-in 802.11n Wi-Fi network and are useful for storing or retrieving data wirelessly, particularly in the field.

The vulnerability includes a hard-coded username and password (“root” for both) that gives attackers access to an undocumented Telnet service in the device. Telnet is used from the command line of many operating systems to log into remote computers over an Internet or local network connection. Attackers could use the flaw to take control of the remote drive, steal files from it, and even turn it into a “robot” for attacking others.

Another flaw gives attackers unrestricted file download access once in range of the device’s wireless network, while a third defect could let attackers upload malicious files to the device. If a user were to download one of the malicious files, it could compromise their Mac or PC as well.

If your device is running firmware versions 2.2.0.005 or 2.3.0.014, there’s a patch available directly from Seagate to upgrade the drive firmware to version 3.4.1.105. Seagate’s Download Finder allows the entry of your device’s serial number to determine if the firmware needs to be updated.

Steve Sande
the authorSteve Sande
Contributing Author
Steve has been writing about Apple products since 1986, starting on a bulletin board system, creating the first of his many Apple-related websites in 1994, joining the staff of The Unofficial Apple Weblog in 2008, and founding Apple World Today in 2015. He’s semi-retired, loves to camp and take photos, and is an FAA-licensed drone pilot.
Be Sociable, Share This Post!

Leave a Reply