{"id":62,"date":"2008-01-18T15:37:55","date_gmt":"2008-01-18T23:37:55","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/01\/18\/security-review-apples-time-capsule\/"},"modified":"2008-01-22T09:16:16","modified_gmt":"2008-01-22T17:16:16","slug":"security-review-apples-time-capsule","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/18\/security-review-apples-time-capsule\/","title":{"rendered":"Security Review: Apple&#8217;s Time Capsule"},"content":{"rendered":"<p>Given the iPhone&#8217;s myriad vulnerabilities and the unrest spawned by their high-profile discovery and exploitation, perhaps the security aspects of new Apple products, such as the Time Capsule, merit our consideration. The Time Capsule is a sleek wireless hard drive that doubles as a 802.11n Wi-Fi base station.  Through the Time Machine application in OS X Leopard, the Time Capsule enables automated backup from multiple Macs to its 500GB or 1TB hard drive.  Security features include WPA, WEP, MAC address filtering, and a NAT firewall. However, the amount of configuration needed for these security features is not specified on Apple&#8217;s website, and the emphasis is on a easy setup (&#8220;a matter of a few clicks&#8221;).<\/p>\n<p><!--more--><strong>Assets and Security Goals<\/strong><\/p>\n<ul>\n<li>The data sent to the Time Capsule&#8217;s hard drive is clearly an asset, especially since it contains data that is deemed worthy of backing up from potentially multiple computers. The visibility of the data transfered to the Time Capsule should be protected and access to the data on the hard drive should be under the user&#8217;s control.<\/li>\n<li>Access to the network (internal and external) is a natural asset as well, so the user should also have the ability to control who can access the network.<\/li>\n<li>A user typically would not want an uninvited party using the backup device to backup their content, so use of the backup capability should be protected as well.<\/li>\n<li>The communication protocol between the Time Capsule and Leopard may be an asset that Apple seeks to keep secret. A hacker may potentially exploit the protocol to create a cheaper external hard drive that mimics the Time Capsule.<\/li>\n<\/ul>\n<p><strong>Potential Adversaries and Threats<\/strong><\/p>\n<ul>\n<li>Neighbors, those who live within the wireless range of the Time Capsule, are the most natural potential adversaries. As people who are regularly in range of the Time Capsule, they would have the most to gain from accessing its network or backup capabilities.<\/li>\n<li>Crackers may be interested in using the protocol for communication between the computers and the Time Capsules for unintended purposes, such as backing up to another device. In this case, &#8220;another device&#8221; could either owned by the user or, unbeknowest to the user, owned by an adversary.<\/li>\n<li>As with any wireless router, wireless eavesdroppers are an adversary. However, in the case of the Time Capsule, the data being transfered wirelessly also includes backup data on the hard drive.<\/li>\n<\/ul>\n<p><strong>Potential Weaknesses:<\/strong><\/p>\n<ul>\n<li>A device that mimics the Time Capsule (such as another Time Capsule in a neighbor&#8217;s house) may establish itself as a backup device on the user&#8217;s computer.<\/li>\n<li>Similarly, a device that mimics the Time Machine within Leopard may convince the Time Capsule that it is a member of the network.<\/li>\n<li>The user and software may leave security features unconfigured, leaving the wireless network more open.<\/li>\n<li>The data transfered wirelessly may not be encrypted adequately and be available to eavesdroppers.<\/li>\n<li>Malware on the computer could potentially trick the computer into backing up to, say, a hacker&#8217;s FTP server, instead of the Time Capsule. Since it will mainly be used for backup, discovery may be delayed until the user attempts to recover data.<\/li>\n<\/ul>\n<p><strong>Risks:<\/strong><\/p>\n<p>For a typical home user of the Time Capsule, tech-savvy neighbors are the most likely adversary. Neighbors are already at the right spot (within the wireless range) and they have the incentive of gaining regular access to the Time Capsule. For example, while it may be farfetched to imagine a hacker in a car outside in your neighborhood attempting to crack your Time Capsule, it is not hard to imagine a neighbor running some program that allows the neighbor to access the Internet and the backup capabilities of the Time Capsule.<\/p>\n<p>While may security options are available on the Time Capsule, the user&#8217;s failure to configure the security of the Time Capsule (whether intentional or not) may also increase the chance that an adversary would compromise it. Filtering based on MAC addresses, for example, would seem to deter the risk of unauthorized access to the network, but it may require setup that many users would not perform.<\/p>\n<p><strong>Conclusions:<\/strong><\/p>\n<p>While the wireless nature of the Time Capsule makes it an exceptionally convenient and useful backup device, it also introduces some new potential avenues for compromising the integrity of a user&#8217;s data and network. Despite the numerous &#8220;security features&#8221; listed with the product, their effectiveness in practice also depends on how &#8220;optional&#8221; they are. Outside of vulnerabilities due to security bugs, anything that depends on the user to perform unnecessary configurations can potentially be a weak link&#8211;one that may be of interest to those pesky neighbors.<\/p>\n<p>The combination of a wireless base station and a large hard drive may also introduce new possibilities for those who seek to apply new technologies for unintended purposes. Perhaps the ultimate security test will once again be left to the web&#8217;s enthusiastic community of hackers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Given the iPhone&#8217;s myriad vulnerabilities and the unrest spawned by their high-profile discovery and exploitation, perhaps the security aspects of new Apple products, such as the Time Capsule, merit our consideration. The Time Capsule is a sleek wireless hard drive &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/18\/security-review-apples-time-capsule\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":16,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[47,46],"class_list":["post-62","post","type-post","status-publish","format-standard","hentry","category-security-reviews","tag-apple","tag-wi-fi"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/62","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=62"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/62\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=62"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=62"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=62"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}