Seagate Wireless Hard Drives found to be vulnerable, company releases security patch to fix the issue
Storage drive maker, Seagate has just had a bad day.
The company’s wireless hard drives have been found to have a serious security vulnerability.
And it is one of the least unexpected ways, which actually has the issue. Wireless hard drives, as the name suggests are intended to work without a wired connection, and to do so, they require a username and password just like any other internet based service/device.
While the drives are able to connect just fine, and work without issues, the critical security issue, is that the drives are susceptible to attack from anyone on the same networl or from anywhere on the internet. In fact, calling it an attack is actually misleading, the user can easily gain to the drive, merely by using the default username and password combination, the drives shipped with.
Business Insider reports that this security exploit, could have been misused by attackers, who could have stolen the entire hard drive’s data. Worse still, an attacker could even download malicious code or apps to the hard drive which could compromise any device which it has been connected to. This vulnerability was found by the good folks over at Tangible Security, who informed Seagate, regarding the same. The hard drive manufacturer has acknowledged the issue, and has already released a patch to fix this loophole.
While that’s some very welcome good news, there is a bit of bad news as well. The patch in question will no be rolled out automatically. So users need to download it from Seagate’s official website. It is not yet clear if any attack took place using this exploit, but it is good that the security researchers have discovered and assisted Seagate to patch up the vulnerability.
But still, manually updating the firmware is not an easy task, and this poses a great risk, as the number of users who aren’t aware of the security issue, could indeed be many. The company has advised consumers to download the new firmware which patches the issue. It has also announced that consumers may reach out to its customer service number at 1-800-Seagate for technical assistance.
The number of remote code execution vulnerabilities, have been on the rise lately. Just yesterday, we came across a report about Kaspersky’s products found to be vulnerable to a critical zero day vulnerability. But it was also quickly patched up by the Russian security firm over the weekend.