Security flaws on wireless hard drives

Seagate and LaCie wireless hard drives have some serious security flaws
which can be fixed with a firmware upgrade

Security flaws on wireless hard drives...

It has been discovered that security issues in some Seagate and LaCie wireless hard drives could allow hackers to access a user’s critical information. These effect the LaCie FUEL, Seagate Wireless Plus Mobile Storage and Seagate Wireless Mobile Storage.

Firmware versions 2.2.0.005 and 2.3.0.014 are especially vulnerable and other firmware versions may be affected. To check your firmware version, simply load the Seagate Wireless Plus menu in your browser and select the appropriate option from the Settings -> About menu. The following text is taken directly from the CERT announcement and summarise the vulnerabilities.

CWE-798: Use of Hard-coded Credentials – CVE-2015-2874
Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of ‘root’ as username and the default password.

CWE-425: Direct Request (‘Forced Browsing’) – CVE-2015-2875
Under a default configuration, some Seagate wireless storage products provides an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the filesystem.

CWE-434: Unrestricted Upload of File with Dangerous Type – CVE-2015-2876
Under a default configuration, some Seagate wireless storage products provides a file upload capability to anonymous attackers with wireless access to the device’s /media/sda2 filesystem. This filesystem is reserved for file-sharing.

These security vulnerabilities should not be underestimated. They could allow an attacker to access a wireless Seagate or LaCie device. With full access, the attacker could read, amend, or delete files from the hard drive. Seagate says, “affected users are encouraged to update the firmware as soon as possible.” The revised firmware can be downloaded from Seagate’s website and flashing the firmware should rectify the problem. Whenever upgrading firmware, it is always best to back up data. If there is an interruption in the update, data loss can occur. Users are also advised to review passwords on any network-attached storage device to ensure security.

Categories

Cloud Storage (1)

Computer Forensics (2)

Data Recovery (90)

Data Recovery Specialists News (1)

Data Security (3)

Hard Drive Data Recovery (3)

Mobile Phone Recovery (1)

RAID Data Recovery (21)

SSD Data Recovery (4)

Technology (73)

Free Diagnosis

"Our free hard drive data recovery evaluation service will tell you whether your data can be recovered, exactly how much it will cost and how long the data recovery will take. Simply phone or email us for a job number and send your data recovery to us. Your hard drive or media will be photographed, catalogued and bar-coded and the data recovery evaluation will start within an hour of receipt."

Listing Of Recoverable Files

"Once in the laboratory, your media will undergo a comprehensive data recovery evaluation to determine the extent of the data loss. We aim to complete this process within 24 hours depending on the complexity of work involved. The engineers will provide a no obligation recovery prognosis, with a guaranteed list of recoverable files and an estimated timescale. You can then decide whether to proceed with the recovery. Should you choose not to proceed, we will return your media by secure data courier."

Completing the Process

"Should you choose to proceed, the data recovery process will be completed and the data will be safely stored on our servers. We will then copy out the data to your preferred choice of output media - either 64Gb memory stick or HDD (for purchase or loan). Your data will be dispatched on our secure, next day courier service. Once you have received your data any copies of your data will be permanently and securely erased from our servers after 7 days."

Established and Trusted

"40 years experience in the data recovery industry chairing ISO and BSI standards, we have developed a reputation for excellence at a price that is affordable. With extensive data recovery research and development capabilities, our success rates are second to none - without compromising on our prices! This is why over 36,000 companies and individuals come to us every year."

Safeguarding Your Data

"Your data is important to us, which is why all our data recovery procedures comply with the Association of Chief Police Officers Guidelines and Civil Procedure Rules for handling electronic evidence. Great care is taken when recovering and handling your data to ensure that its integrity is maintained and that there is a clear audit trail through the entire data recovery process."

Industry Leading Diagnostics

"Our data recovery laboratory completes over 120 successful recoveries every day from clients including the British Petroleum, NHS and EDF Energy. With ISO 27000 (Information Security) and ISO 9001 (Quality Management) accreditation - we are a data recovery company you can rely upon! Class 100 clean rooms, specialised platter removal jigs and software applications allow us to provide the most comprehensive service in the industry."

"Absolutely fantastic"

"Absolutely fantastic customer service from a very professional, efficient and friendly team. They are great at communicating findings and keeping you up to date with recovering any lost data. We had a corrupt video file recovered using the express service and the work was completed very quickly. I highly recommend using Data Recovery Specialist and rate the service and experience a 10/10"
Will Lloyd
Five Star Review

"Service I received was great"

"The data recovery service I received was great. They were very clear from the outset about what may and may not be possible and what the cost would be. From my device being collected by a courier, to a new device being sent back to me only a matter of days later, they were in touch every step of the step way to let me know what was happening. "
Lucy Owen
Five Star Review

"I found the service easy use"

"I found the service easy use. The recovery of my data was carried out extremely efficiently. It wasn’t cheap but the cost included a new Hard Drive. The issue for me was the recovery of my photographs, some of which were really irreplaceable. Everything I needed was carried out and the data was returned to me on the new hdd in a manner that followed my own distribution."
Martyn Webster
Four Star Review

"Delivered in the timescales promised"

"The service from start to finish was excellent. Before contacting DRS I had been advised I needed their type of specialist service. The technical service and customer service was always top class, everything was delivered in the timescales promised. It was expensive but it recovered the irreplaceable and that, in its way, is priceless."
Martin Goff
Five Star Review

"I would definitely recommend them"

"My external hard drive failed and the local company I tried couldn't retrieve anything from it. I found Data Recovery Specialists through an online search and they responded to my initial query very quickly. I sent my hard drive to them and they were able to recover all my data very quickly, keeping me informed of what was going on the whole time. Great service and I would definitely recommend them."
Lorraine Bunce
Four Star Review

"Would recommend to anyone"

"Excellent service, I felt completely at ease sending my hard drive to be fixed with Data Recovery Specialists. Would recommend to anyone needing help salvaging their hard drives."
Jemima le Sueur
Five Star Review

"Helped me retrieve the data"

"I had a damaged external hard disk that my local computer shops were unable to repair. Data Recovery Specialist help me retrieve the data quick. It's not a cheap service but it works and the data recovered was far more valuable than the repair cost. "
Music Law Contracts
Four Star Review

"Quick and professional service"

"I had dropped my external while it was spinning so did huge amounts of damage. I contacted several companies and opted for DRS. They were very quick with communication, explained everything for someone who’s not terrifically technically minded and put it all in writing as well. Collection of my device was simple, the turn around time was quicker than I expected and they kept me informed right through the process. Really pleasant and professional company. If I do break something, they would be my first port of call, but I’m hoping I won’t!"
Alex West
Five Star Review

"Fantastic job"

"The guys did a fantastic job in recovering my very important data. My interaction with Daniel Rees was very good, he was honest with what he could do to recover my very important Data. I also found their customer service department especially Roger a pleasure to deal with. My only real concern is that I found the company to be too expensive, however I scored them a 5 star as they recovered 100% of my very important Data."
Richard Daniel
Four Star Review

"Recovered my precious data"

"The guys at Data Recovery were excellent, especially Daniel Rees and Roger from customer service, who throughout my interaction with them kept me informed and were honest with regards to what they could do to recovery my precious data. They were very expensive but I've given them 5 stars as they manage to recovery all 100% of my data."
Ricky Daniel
Five Star Review

"The best in data recovery"

"After a bad experience with my local computer shop who had my dead hard drive for a week and said the data could not be recovered, I sent my hard drive to Data Recovery Specialists. Rapid, amazing service. Had a report of files available in 24h and 100% of data was recovered from hard drive. These guys are the pros! "
Michael Paterson
Five Star Review

"The data recovery service was first rate"

"The data recovery service was first rate from start to finish. My hard drive was collected quickly by a pre arranged courier service and returned quickly in the same manner.I was kept informed by telephone at all parts of the recovery and all my data was returned.I can fully recommend this company to anyone."
Cecilia Gregson
Five Star Review

Stay Connected

0800 223 0162
sales@datarecoveryspecialists.co.uk

Data Recovery Services Limited | Registered Number 04417876 | VAT Number 803 1178 66

Website by IT Pie – web design Cardiff

Contact Us!

To speak with one of our Sales Team call us on:
0800 223 0162
Alternatively enter your details below followed by your enquiry and one of our team will get back to you.

Quick Enquiry

Security flaws on wireless hard drives