0
One of Han Solo’s trademark lines was “I’ve got a bad feeling about this.” Ever since I started thinking about getting the 2018 i9-based, 32GB MacBook Pro, I’ve been having a bad feeling, but I couldn’t put my finger on what it was.
Yes, there have been discussions about performance throttling based on how hot the machine gets. And yes, there’s always the discussion of the butterfly keyboard.
Even if every other precaution has been taken, the mere necessity of keeping the devices charged up puts machines at risk.
Plus there’s the lack of ports. I make active use of the USB 3.0 and Thunderbolt ports, as well as the SD card slot on my 2015 i5-based MacBook Pro.
But it’s not any of those concerns. I’m aware of them. It’s been something else. Something serious. Something that can be trouble for any modern MacBook Pro user. But for weeks, I haven’t been able to identify what was causing the tickle on the back of my neck.
Then, last night, as I plugged my current MacBook Pro into its snuggly MagSafe 2 power connector, I thought, “I’m going to miss the convenience of this.” And then it came to me.
It’s the USB-C ports. Because of the USB-C ports, all MacBook Pros introduced since late 2016 are inherently unsafe. Likewise, all of the 12-inch MacBooks introduced since 2015 are inherently unsafe.
It’s all about the power
Okay, follow along with me. With my 2015 MacBook equipped with a MagSafe port, if I want to charge the machine, I just plug it in. There’s no risk of a data connection. As long as I have networking off and nothing plugged into any of my ports, I’m safe. I’m air-gapped from the rest of the world.
MacBooks before 2015 and MacBook Pros before 2016 could charge without any risk, as long as everything else was off, empty, or disconnected.
Also: Air-gapping the planet: How to travel safely in digitally scary places
Prior to the USB C-only MacBook Pros, at least charging the device wasn’t a possible hacking vector.
But with the MacBook from 2015 on, and for the MacBook Pros from 2016 on, the only way you can charge the notebook is by connecting to a USB-C port.
That’s right. In order to charge the machine, you must connect to a port capable of transferring data. You have no choice.
For Apple, a company whose enhanced security has been one of its main selling points for years, this is a short-sighted, potentially brand-damaging, and dangerous decision.
In Europe, it could be worse
To be fair, this has long been a problem with iPhones (until the iPhone 8 and X who allow wireless charging). To charge any iPhone via cable, you’ve always had to plug in a data-capable connector, whether it was the old 30-pin dock connector or the Lightning connector.
For other smartphones, the problem is similar, although most phones used micro USB connectors, and now, most use USB-C connectors.
From a security point of view, wireless charging, like that on the newer iPhones and Galaxy S9, can be a substantially safer way to go, because you’re able to charge the devices without ever plugging in a data-capable cable.
Of course, at least for Android devices, there are still serious malware threats that can enter the device via text, email, browsing, and p0wn3d apps, but at least one path of least resistance can be closed up.
In Europe, though, USB-C could be a real problem. The EU is considering mandating a switch to USB-C as the standard connector for all phones.
Read also: Why the EU might force Apple to swap its Lightning connecter for USB
While this type of standardization does have its benefits, if the EU extends its USB-C demands to notebook computers, those computers that still charge with external, dedicated charging connectors might be forced to use a data-capable connector for charging.
While Apple has moved all its notebooks to USB C-based charging, many Windows-based laptops can still be air-gapped while charging.
Why worry about this
I kind of like to use the adapters and dongles that come with the products I buy. Maybe you do, too. At this point, though, I’m willing to bet that most of us have a bin of dongles, adapters, and cables of uncertain origins. It’s not unusual to borrow cables, dongles, and chargers when we’re caught with our batteries down.
That was all well and good back when MacBooks required Apple-made chargers. Even then, there were aftermarket providers. But now, you’re expected to plug your USB-C adapter into a MacBook Pro on one side, and into a possibly random USB charger on the other. That’s where the trouble begins.
As far back as 2013, CBS News reported on fake Apple chargers (in this case, for iPhones). Last year, I wrote about how USB chargers are available that not only charge devices, but spy on you. Spying isn’t the only problem. Many of the fake brand name or inexpensive aftermarket chargers are unsafe as well. Such chargers can cause shocks or even fires.
This is such an ongoing problem (even with Lightning cables) that Apple has a page dedicated to explaining how to identify counterfeit chargers.
Now, let’s take the risk up a notch. Apple products are in active use in some very sensitive operations. Back in the day, President Obama was known to use both an iPad and a MacBook Pro.
In 2016, the US Department of Defense may (or may not) have dodged this bullet. In June of 2016, the DoD awarded an IT contractor $5,245,064 for the purchase of roughly 2,000 MacBook Pros.
Also: How I learned to stop worrying and love USB Type-C
My next Mac purchase
As for me, my once-powerful 2013 iMac definitely needs to be replaced. While the new i9 MacBook Pro could do the job, I don’t really need another notebook. What I really want is an updated Mac mini with pro specs. Since we’re expecting the next set of Mac announcements near the end of this month, I’ll hold of buying at least until then.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.
Related Topics:
Apple
Security TV
Data Management
CXO
Data Centers
0