Security Review: Apple’s Time Capsule

By iddav at 3:37 pm on January 18, 2008 | 6 Comments

Given the iPhone’s myriad vulnerabilities and the unrest spawned by their high-profile discovery and exploitation, perhaps the security aspects of new Apple products, such as the Time Capsule, merit our consideration. The Time Capsule is a sleek wireless hard drive that doubles as a 802.11n Wi-Fi base station. Through the Time Machine application in OS X Leopard, the Time Capsule enables automated backup from multiple Macs to its 500GB or 1TB hard drive. Security features include WPA, WEP, MAC address filtering, and a NAT firewall. However, the amount of configuration needed for these security features is not specified on Apple’s website, and the emphasis is on a easy setup (“a matter of a few clicks”).

Assets and Security Goals

  • The data sent to the Time Capsule’s hard drive is clearly an asset, especially since it contains data that is deemed worthy of backing up from potentially multiple computers. The visibility of the data transfered to the Time Capsule should be protected and access to the data on the hard drive should be under the user’s control.
  • Access to the network (internal and external) is a natural asset as well, so the user should also have the ability to control who can access the network.
  • A user typically would not want an uninvited party using the backup device to backup their content, so use of the backup capability should be protected as well.
  • The communication protocol between the Time Capsule and Leopard may be an asset that Apple seeks to keep secret. A hacker may potentially exploit the protocol to create a cheaper external hard drive that mimics the Time Capsule.

Potential Adversaries and Threats

  • Neighbors, those who live within the wireless range of the Time Capsule, are the most natural potential adversaries. As people who are regularly in range of the Time Capsule, they would have the most to gain from accessing its network or backup capabilities.
  • Crackers may be interested in using the protocol for communication between the computers and the Time Capsules for unintended purposes, such as backing up to another device. In this case, “another device” could either owned by the user or, unbeknowest to the user, owned by an adversary.
  • As with any wireless router, wireless eavesdroppers are an adversary. However, in the case of the Time Capsule, the data being transfered wirelessly also includes backup data on the hard drive.

Potential Weaknesses:

  • A device that mimics the Time Capsule (such as another Time Capsule in a neighbor’s house) may establish itself as a backup device on the user’s computer.
  • Similarly, a device that mimics the Time Machine within Leopard may convince the Time Capsule that it is a member of the network.
  • The user and software may leave security features unconfigured, leaving the wireless network more open.
  • The data transfered wirelessly may not be encrypted adequately and be available to eavesdroppers.
  • Malware on the computer could potentially trick the computer into backing up to, say, a hacker’s FTP server, instead of the Time Capsule. Since it will mainly be used for backup, discovery may be delayed until the user attempts to recover data.

Risks:

For a typical home user of the Time Capsule, tech-savvy neighbors are the most likely adversary. Neighbors are already at the right spot (within the wireless range) and they have the incentive of gaining regular access to the Time Capsule. For example, while it may be farfetched to imagine a hacker in a car outside in your neighborhood attempting to crack your Time Capsule, it is not hard to imagine a neighbor running some program that allows the neighbor to access the Internet and the backup capabilities of the Time Capsule.

While may security options are available on the Time Capsule, the user’s failure to configure the security of the Time Capsule (whether intentional or not) may also increase the chance that an adversary would compromise it. Filtering based on MAC addresses, for example, would seem to deter the risk of unauthorized access to the network, but it may require setup that many users would not perform.

Conclusions:

While the wireless nature of the Time Capsule makes it an exceptionally convenient and useful backup device, it also introduces some new potential avenues for compromising the integrity of a user’s data and network. Despite the numerous “security features” listed with the product, their effectiveness in practice also depends on how “optional” they are. Outside of vulnerabilities due to security bugs, anything that depends on the user to perform unnecessary configurations can potentially be a weak link–one that may be of interest to those pesky neighbors.

The combination of a wireless base station and a large hard drive may also introduce new possibilities for those who seek to apply new technologies for unintended purposes. Perhaps the ultimate security test will once again be left to the web’s enthusiastic community of hackers.

Filed under: Security Reviews6 Comments »

6 Comments

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Fabian

    January 18, 2008 @ 9:54 pm

    Apple’s Time Capsule looks very similar to wireless hard drive that has been available in the market. Based on Apple’s good track record in their product quality, we can probably be given assurance that Apple had though this through and will ensure the device security. However, we also need to be skeptical and should know more how put the security in place, because it is our data that will be at risk in the end.

  • 2
    Get your own gravatar for comments by visiting gravatar.com

    Comment by cbhacking

    January 22, 2008 @ 2:03 am

    After the insane security vulnerabilities of the iPhone (Jailbreak, etc.), I wouldn’t make any assumptions of Apple’s security based on track record.

    A reminder for anybody who didn’t read one of the earlier posts in the class: MAC address filtering is COMPLETELY insecure. It’s probably more of an inconvenience for the average legit users (who are unlikely to be very computer-literate) than for an attacker (who probably snoops MAC addresses and spoofs his/her own so often he/she probably has a script set up to do it – honestly, it’s a single CLI instruction on Linux to change your MAC address, and on Windows it’s a registry key that is harder to find but still dead easy to change).

  • 3
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Soo-Shin

    March 20, 2008 @ 12:52 pm

    Another risk of snapshot technology such as time capsule is that files are never removed. Once a file has been created and archived, it exists on time capsule regardless of whether it was later changed or deleted.

  • 4
    Get your own gravatar for comments by visiting gravatar.com

    Comment by E Gilbert

    March 25, 2008 @ 4:01 pm

    If someone wants to sabotage the utility of Time Capsule, they can just steal the drive. There are counter-measures to this threat, of course, but the threat must be recognized and the counter-measures actually must be taken by each user. Most situations have some physical security, but some situations will be opportunities and it doesn’t take a lot of skill to carry out the denial.

  • 5
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Alvin

    April 25, 2008 @ 9:58 am

    I think this is the wireless hard drive and it already has in the market. But I would not trust this Cutter, because leaked information can do very expensive. I think that this novelty is too unreliable and doomed to failure.

  • 6
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Dan Walters

    June 4, 2008 @ 3:23 am

    In my place of work we have multiple time capsule machines (4) hooked up to our local area network (wired ethernet)

    The wireless capabilities of these routers are switched off, as they are not required.

    We found that for their price they are relitively good value for money, and our mobile machines, ie laptops, can sync back in, when they return to the office.

    With 4TB of backup space available, we’ve found that we can continue with our work, knowing that time machine is backing it all up in the background.

    In our line of work, versioning is a big issue, with many designs going through different stages. – all of which can be recovered with time machine.

    Providing there is enough physical security (ie our servers are kept in a secure basement) and our internet security is adequate, I don’t believe there is a majour issue with backing up data.

RSS feed for comments on this post