is there a way to prevent OSX from automounting an iphone?

Discussion in 'Mac Basics and Help' started by zimv20, Feb 27, 2018.

  1. zimv20 macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #1
    yesterday, a stranger thought it perfectly cool to plug his iphone into my work macbook when i wasn't looking. in all honesty, i think he is just a clueless twit who wanted a charge, but i was horrified all the same.

    i've run a full system scan with ClamXAV, plus used some other tools from Objective-See.

    what i would like is to configure my machine so that anything plugged in does not automount, and i would then get a chance to proceed w/ mounting or reject it.

    i tried Disk Arbitrator on my home laptop as a test, but it doesn't work correctly:

    1. even when enabled and set to Block Mounts, it happily mounted my iphone (indeed, it was the *iphone* that asked to trust the *computer*)
    2. though an inserted USB stick did get blocked, it did not mount properly when i used DA to tell it to mount

    am i using DA incorrectly? am i incorrectly assuming that a tool that blocks automount of drives shouldn't necessarily do the same for a phone? is there another solution? keep in mind this is for strange devices, so i would not know any IDs ahead of time such that i could use the FS table, per this solution.

    my work laptop is on High Sierra (10.13.13).
    my home laptop is on El Cap.
     
  2. casperes1996 macrumors 68040

    casperes1996

    Joined:
    Jan 26, 2014
    Location:
    Horsens, Denmark
    #2
    Why freak out over an iPhone being connected? They can't transfer data to the Mac outside of iTunes sync or Photos. It's not like arbitrary code could've been run on the computer.

    I get wanting to block USB devices from mounting in general though. I haven't been able to find any info on that in any of the man pages I've consulted though
     
  3. zimv20 thread starter macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #3
    is that true? i've been lead to believe this is an attack vector.
     
  4. casperes1996 macrumors 68040

    casperes1996

    Joined:
    Jan 26, 2014
    Location:
    Horsens, Denmark
    #4

    From a normal flash drive, yes that risk exists. From an iPhone, no. The OS handles the phone differently. - There may be ways of getting around it on jailbroken devices, but I've never heard of it.

    With regular flash drives, there are tangible risks to consider.... Hell, there may be issues like what KDE experienced not super long ago, where even just the name of an exFAT flash drive could be a command that would then run.
     
  5. zimv20 thread starter macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #5
    ok, we agree that it's a risk having a laptop in an open environment where someone can wander by and insert a USB drive. so far, Disk Arbitrator is the best free utility i've found. but it doesn't work perfectly and i'd like to know what else is available. if i can also block automount of phones, that's even better.
     
  6. chscag macrumors 68030

    chscag

    Joined:
    Feb 17, 2008
    Location:
    Fort Worth, Texas
    #6
    Install a firmware password on your MacBook. However, make sure you don't forget it. ;)
     
  7. zimv20 thread starter macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #7
    i have filevault enabled and don't know much about firmware password. how would it help in this instance?
     
  8. Mr_Brightside_@ macrumors 68030

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    Toronto
    #8
    By what? I don't know that this is accurate.
     
  9. zimv20 thread starter macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #9
    let's separate what's possible from what's likely.

    is it likely that the phone from yesterday could install malware on my macbook? no.

    is it possible that there exists a phone that could do so? or to put it this way: do i trust apple's engineers enough that they have created something that none of, say, the NSA, FBI, or GRU could defeat? no, i do not trust apple's engineers to that extent.

    again, i do not think it's likely, at all, that i faced that yesterday. but i do work in an open environment and everyone here leaves their machines unattended to go to lunch, etc. Since i rarely plug anything into the macbook, vs the massive opportunities that exist for anyone to come by and access a USB port w/o me looking, i think it's a reasonable security measure to disable automount. for everything coming through the USB port, phone or otherwise.
     
  10. NoBoMac macrumors 68020

    Joined:
    Jul 1, 2014
    #10
  11. chscag macrumors 68030

    chscag

    Joined:
    Feb 17, 2008
    Location:
    Fort Worth, Texas
    #11
    A firmware password prevents any kind of external drive, USB, or whatever from making changes to your hard drive, password, etc. Remember, FileVault does not protect you if someone gains access to your machine while it's on and you are signed in. You can read about what a firmware password does from Apple in their KB.
     
  12. Mike Boreham macrumors 68000

    Joined:
    Aug 10, 2006
    Location:
    UK
    #12
    What do you mean by "automount" in this situation? What did you see happen on the computer? Did iTunes open?

    If that is the issue you can prevent that in iTunes>Preferences>Devices. Check the box labeled "Prevent iPods, iPhones, and iPads from syncing automatically".

    I have always kept this checked and iTunes does not open when a phone is connected, not does anything else happen.
     
  13. hobowankenobi macrumors 6502a

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #13
    MDM Profiles can limit drive mounting, or require authentication. Not sure it would prevent the iPhone, but should prevent any external from mounting until approved/authenticated.

    The challenge is generating a Profile if you don't have access to Profile Manager built into Server: Screen Shot 2018-02-27 at 3.32.18 PM.png ....

    ...Perhaps it is also possible to change a preference via defaults write?
     
  14. zimv20 thread starter macrumors 601

    zimv20

    Joined:
    Jul 18, 2002
    Location:
    toronto
    #14
    great point and good read. thanks for the link.
    --- Post Merged, Feb 27, 2018 ---
    yep, good point. thanks for the reminder.
    --- Post Merged, Feb 27, 2018 ---
    didn't know about that option, thanks for pointing it out.
    --- Post Merged, Feb 27, 2018 ---
    can you elaborate? unsure what you mean here.
     
  15. hobowankenobi macrumors 6502a

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #15
    Well, for those unfamiliar with Profiles, they are easy to use, but to be created, one needs Profile Manager (a feature of MacOS Server), or some other third party tool create a profile.

    But, to the point, profiles have the option to require authentication to mount all external drives...which would remove the risk of anybody plugging an infected anything into a Mac, and have it auto-mount.
     
  16. casperes1996 macrumors 68040

    casperes1996

    Joined:
    Jan 26, 2014
    Location:
    Horsens, Denmark
    #16

    You're right on here. Regarding phones, at least a non-jailbroken iPhone I would say is not a risk at all, and I'm as much a security looney as anyone. Jailbroken iPhones I don't know about - and other phones - might as well be generic USB devices.

    Someone else mentioned a firmware password, and I didn't realise it did any securing when you're already logged in - I thought it was only for booting, but to set one you boot into recovery mode and select the Firmware Password utility from the menu bar. Forgetting it will render the computer entirely useless though, so don't
     

Share This Page

15 February 27, 2018