It’s quite some time has passed since anyone reminisced about Apple’s router and cloud storage fusion known as Time Capsule. Launched in 2008 and halted in 2018, the item has largely faded into the annals of tech history. Consequently, when autonomous security expert Matthew Bryant recently made a purchase of a Time Capsule from the United Kingdom on eBay for $38 (plus over $40 for shipping it to the United States), he assumed he would merely be obtaining one of the enduring white monuments at the end of its lifespan. However, he unexpectedly stumbled upon something he hadn’t anticipated: a treasure trove of data that seemed to be a replica of the primary backup server for all European Apple Stores during the 2010s. The stash included maintenance tickets, employee banking information, internal corporate files, and emails.
“It contained every possible thing,” Bryant informs WIRED. “Files had been purged from the drive, yet upon conducting forensics on it, it was undeniably not empty.”
Bryant hadn’t encountered the Time Capsule by sheer chance. At the Defcon security conference in Las Vegas this past Saturday, he is disclosing results from a prolonged project in which he sifted through used electronics listings from platforms such as eBay, Facebook Marketplace, and China’s Xianyu, and then utilized computer visual analysis to detect gadgets that were previously part of corporate IT fleets.
Bryant realized that the vendors offering office equipment, prototypes, and manufacturing machinery often were unaware of the significance of their wares, so he couldn’t scour tags or descriptions to unearth enterprise treasures. Rather than that, he concocted an optical character recognition processing cluster by linking together a dozen decrepit second-generation iPhone SEs and exploiting Apple’s Live Text optical character-recognition feature to pinpoint conceivable inventory tags, barcodes, or other corporate designations in listing images. The setup kept an eye out for fresh listings, and if it identified a promising hit, Bryant would receive a notification to personally evaluate the device snapshots.
In the situation of the Time Capsule, the listing snapshots displayed a tag on the underside of the gadget that proclaimed “Property of Apple Computer, Expensed Equipment.” After scrutinizing the Time Capsule’s contents, Bryant informed Apple about his discoveries, and the corporation’s London security bureau eventually requested him to return the Time Capsule. Apple did not respond immediately to WIRED’s request for commentary on Bryant’s investigation.
“The prominent entity in the conversation for proofs of concept is Apple, as I regard them as the most sophisticated hardware corporation out there. They meticulously keep track of all their equipment and attach great importance to the security of their operations,” Bryant remarks. “Nevertheless, with any Fortune 500 company, it is nearly certain that their items will end up listed on platforms like eBay and other pre-owned markets at some point. I cannot think of any corporation where I haven’t chanced upon at least some equipment and received a notification about it from my system.”
Another notification from his search system directed Bryant to acquire a trial version of iPhone 14 meant for internal usage among developers at Apple. Such iPhones are desired by both malicious actors and security analysts because they frequently operate on exclusive versions of iOS that are less restricted than the regular product and feature debugging capabilities that are priceless for gaining insight into the system. Apple manages a scheme to allocate similar devices to select researchers, but the company solely bestows these specialized iPhones to a restricted cohort, and researchers have informed WIRED that they usually pertain to outdated iPhone models. Bryant states he disbursed $165 for the developer-designated iPhone 14.
