I'm thinking about using an AirPort Time Capsule for my Time Machine backup. I would certainly use encryption, but I'm still concerned about sensitive backup data sitting on a networked routing device that could get compromised.
The Apple website has this to say on backup security:
Don’t back up sensitive data to a network disk if you don’t trust the network administrators who control the disk. Instead, select a backup disk that’s under your own control, such as an external disk connected to your Mac.
This is a bit vague and it might simply refer to Time Capsules with multiple user accounts, so I'd like to know specifically: If there's some vulnerability in the AirPort Time Capsule and an attacker manages to compromise it and take over the Time Capsule by running arbitrary code on it, are my encryption key and the backup contents safe from them? I think this question breaks down into 2 parts:
- Does OS X encrypt everything locally and only send encrypted data to the Time Capsule?
- If an an attacker controlling my Time Capsule tries to trick OS X into doing an unencrypted backup, will OS X warn me first?
Best Answer
There are two ways of having backups encrypted.
First, Time Capsule allows for you to encrypt the disk. If you enable this, the disk can only be mounted by the device if you provide it with the password to do so. This encryption is local and thus doesn't address your concern. It does mean that if the disk somehow gets taken out of the TC, it can't be read.
Second, data stored on the Time Capsule as an encrypted volume. This is a setting in your computer and can be set on your Time Machine backups but also for any other volumes you store on the network drives (or anywhere else for that matter). This data can only be decrypted with the password. This data gets encrypted and decrypted on your computer, and although others might be able to see your backup volume, they won't be able to read it.