Apple’s Time Capsule, a network storage and router combo, may have faded into obscurity since its discontinuation in 2018, but independent security researcher Matthew Bryant recently stumbled upon a surprising discovery when he purchased one on eBay for just $38.
Upon inspecting the Time Capsule, Bryant uncovered a treasure trove of data that seemed to be a copy of the main backup server for all European Apple Stores from the 2010s. The data included service tickets, employee bank account information, internal documents, and emails.
This remarkable find wasn’t just a stroke of luck. Bryant had been diligently scouring secondhand electronics listings from various online platforms and using computer vision analysis to identify devices that were once part of corporate IT fleets.
By utilizing optical character recognition processing on listing photos, Bryant was able to pinpoint devices with corporate labels, like the Time Capsule that bore the tag “Property of Apple Computer, Expensed Equipment”. He promptly informed Apple of his findings, leading to the company’s request for him to return the Time Capsule.
Bryant’s project serves as a cautionary tale, highlighting the potential risks associated with the resale of corporate devices on platforms like eBay. His research has unveiled the vulnerability of even the most security-conscious companies, like Apple, to the threat of sensitive information falling into the wrong hands.
In a separate instance, Bryant’s search system also led him to acquire a prototype iPhone 14 designed for internal developer use at Apple. These exclusive devices are highly sought after by both malicious actors and security researchers due to their less restricted iOS versions and debugging capabilities.
While Apple provides select researchers with similar devices through a specific program, Bryant’s purchase of the developer-use iPhone 14 underscores the ongoing challenge of safeguarding confidential company assets in the ever-evolving landscape of secondhand markets.