Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
USB-C Accessories Need User Permission to Communicate With Apple Silicon Macs Running macOS Ventura
- Thread starter MacRumors
- Start date
- Sort by reaction score
It's for the scenario you asked about - someone other than the user plugging a USB device into their computer.
Given the number of really scary USB hardware based exploits out there that often require zero user interaction this is a great/much needed feature that should have gotten a shoutout during the Keynote. The best part is it will still charge devices (LOL) so for those who goes around using random charging cables (people who love to live dangerously and your everyday non tech savvy user) they can still... do that...
I think it’s more for those times you plug into a random usb outlet to charge. A coffee shop, hotel, or airport. Any of those could have been modified with malicious intent. That’s why iOS got the option to disallow USB data connections while locked a while back. It hasn’t been as big of a deal in the past for laptops, USBC PD is becoming powerful enough that it’s not unreasonable to plug in to a usbc port without a normal power brick.
This is the main vector. A device pertaining to be a USB stick actually is a keyboard that can inject keystrokes and infect a machine.
shop.hak5.org
USB Rubber Ducky
NEW VERSION OF THE BEST SELLING HOTPLUG With a few seconds of physical access, all bets are off...
shop.hak5.org
Yeah saw a video on this the other day. I knew things like this existed but... it's shocking to realize just how "mass market" this stuff is at this point. Oh, and you can stuff those capabilities in a seemingly normal lightening / USB cable as well. Hell you can buy prebuilt ones on the web. Scary stuff.This is the main vector. A device pertaining to be a USB stick actually is a keyboard that can inject keystrokes and infect a machine.
USB Rubber Ducky
NEW VERSION OF THE BEST SELLING HOTPLUG With a few seconds of physical access, all bets are off...
TL : DR Be careful out there everyone. Don't use cables that aren't yours. You don't need to be being targeted by sophisticated actors to be vulnerable to this kind of attack anymore. We're basically at the point where anyone with some spare cash and basic scripting can hack your device with one of these.
This is a good scenario although I very much doubt both will stop working at the same time. It’s usually one or the other but both both.
Not necessarily random actors... hacking USB-C charger cables and charging bricks is a known method of attacking a system.
Have you never seen Jack Bauer plugging in a USB device to wreak all kind of damage?
A couple problems:
1. How's the "permission" works? Only for data transfer? Or include power delivery as well?
2. I am not confident this update would prevent USB killer attack (a.k.a plugging in modified USB drive full of capacitors to destroy a computer.
3. How would this work with desktop mac that comes with separate keyboard and mouse? Does that mean user would need Apple-branded keyboard and mouse to approve the use of third party keyboard and mouse?
1. How's the "permission" works? Only for data transfer? Or include power delivery as well?
2. I am not confident this update would prevent USB killer attack (a.k.a plugging in modified USB drive full of capacitors to destroy a computer.
3. How would this work with desktop mac that comes with separate keyboard and mouse? Does that mean user would need Apple-branded keyboard and mouse to approve the use of third party keyboard and mouse?
No that wouldn't work.The OS would detect the new USB device being connected and ask if it is OK. Hub or no hub!!
How is this underrated if it’s just been announced? Give it a few months on people’s hands.
Nice feature.
I prefer these behind-the-scenes changes rather than flashy but confusing fratures, like stage manager.
I prefer these behind-the-scenes changes rather than flashy but confusing fratures, like stage manager.
This will be a nightmare for technicians, clearly will lock people out of their keyboard & mouse (Apple will likely say use Bluetooth keyboards) and solves almost nothing. How many Macs have had their USB exploited? Probably not a single one. Users who plug something in will always click allow, because they already consciously plugged it in themselves. Criminals who plug something in can also just click allow. So what does it accomplish? Public chargers the only use case I can think of, which would only need to be portable Macs and wouldn't need USB blocking for desktops.
I do get the permission notification/dialog regularly when I charge my iPad Pro 11 with a dumb IKEA charger. It never shows up when I use the original Apple charger.
Was always wondering if this is a problem with the IKEA charger or maybe the third party cable I am using.
Charging seems to work even if I don't acknowledge the prompt.
Was always wondering if this is a problem with the IKEA charger or maybe the third party cable I am using.
Charging seems to work even if I don't acknowledge the prompt.
As long as drives mount as fast as on Big Sur again this is cool. If they take even longer than Monterey, Ventura better come with a Starbucks gift card so we have something to do while we wait for the machine to boot.
Probably the thought is that if you have a hub it's likely in secured location: your house, etc. So you can monitor what you plug in that way. The main goal of this is preventing you getting hacked by someone plugging in a USB drive (or tricking you into plugging into a hacked charger) while on the go.
From the article: 'This doesn't apply to power adapters, standalone displays, or connections to an approved hub.'
Perhaps HID class devices do not need approval.that is, when you'll find out, they missed that use-case in testing