Snippet: The New MacBook’s Single Port May Not Come with a Major Security Risk ☇

Shared on March 16, 2015

Russell Brandom for The Verge:

But while the new port is powerful, it also comes with serious security problems. For all its versatility, USB-C is still based on the USB standard, which makes it vulnerable to a nasty firmware attack, and researchers are also concerned about other attacks that piggyback on the plug’s direct memory access. None of these vulnerabilities are new, but bundling them together with the power cord in a single universal plug makes them scarier and harder to avoid. On a standard machine, users worried about USB attacks could simply tape over their ports, but power is the one plug you have to use. Turning that plug into an attack vector could have serious security consequences.

This is something that I’m surprised hasn’t been patched or attempted to be patched, but I’m sure smarter people will be happy to explain why not. That being said, it’s a bit scarier that you could have a compromised charger sending an attack. I thought the comment from “RogWilco” made the most sense and a great opportunity for some vendor:

This was my thought as well. Might be an opportunity for someone to sell a new accessory. A USB “condom” if you will: a mini female to male USB-C adapter that terminates everything except the power pins, passing those through to the host device.

Belkin, Griffin, NewerTech/OWC?

Update: Apparently you cannot flash the firmware on the MacBook via USB, so the whole point is moot.

Snippets are posts that share a linked item with a bit of commentary.