SaysDave.com

I am still loving my new MacBook Pro, and I am still hating my other notebook (yes, it runs that dreadful Windows Vista). However, I wonder if one of Apple’s great tools, Time Machine, may not be a potential security vulnerability.

Time Machine is Apple’s automatic backup system. It allows me to use a second hard drive as a duplicate storage medium for everything on my MacBook Pro. Yes, everything: data, user settings, desktop…everything. If my MacBook Pro were to crash (or be stolen), the Time Machine drive can easily restore all of my settings and files to the new MacBook Pro. I risk losing only those files that were changed since the last automatic Time Machine backup. Since the backups run automatically every hour, I risk losing at most an hour’s worth of work. Even while I am working, Time Machine quietly backs up all my computer’s files.

I see a potential problem with this autmoatic backup system. I often work with data that requires careful handling, such as databases of passwords, network security settings, and personal data. These databases are in a variety of file formats, including relational databases, spreadsheets, and documents. Some of these files, such as the spreadsheets and documents are not locked while they are open, meaning the unencrypted version of the file may be temporarily stored on my hard drive while I am using the file. Because the file is stored on the drive, albeit temporarily, and it is not locked, Time Machine can back it up in its unencrypted state. This means that confidential data could be stored on my Time Machine drive without the protection that it would normally have if it were fully encrypted and saved on my computer’s hard drive.

What do you think? Is Time Machine a potential security vulnerability?