Sign up to our newsletter
When Apple announced the new Macbook, the company took the headline grabbing decision to reduce the number of ports to just a single USB Type-C access point. Apple is not alone, as Google’s flagship Chromebook Pixel will also adopt the port. It will both charge your laptop battery and offer fast data transfer speeds, but what does this mean for security?
BGR raised early concerns noting that there have been USB threats in the past, such as Bad USB (covered by We Live Security here). In the case of current USB sticks though, people are generally more cautious, as the dangers of using an unknown device are well-documented. People are often less aware of the risks posed by untrusted chargers.
“Users can no longer distinguish potentially dangerous inputs such as USB, FireWire, or Thunderbolt from a simple power charger,” Diogo Monica, chair of the IEEE’s Public Visibility Committee told Yahoo News. “This means that attacks like last year’s BadUSB will not only continue to be possible, but will actually be harder to avoid.”
However, the risk shouldn’t be overstated, given the cost of turning a standard power brick into a sophisticated spying device. While it’s possible that hardware could be included to steal data, and even transmit them from the power block, it would be a costly solution for something that – to lure in unsuspecting victims – would have to be cheaper than the official product. To that end, if attacks are done this way, they’re more likely to be extremely targeted at specific individuals.
Still, while the possibility is there, can manufacturers including USB Type-C connectors act to protect their systems? As The Verge points out, it’s actually a lot harder than it sounds, as USB is an open standard. While Apple has had authentication chips into its Lighting connectors, this remains impossible with open standards.
“Combining data and charger ports had made the new MacBook and Pixel faster and more powerful, but the price is an ongoing concern over what devices you trust enough to plug in,” concludes The Verge.
Hadrian / Shutterstock.com
Author Alan Martin, ESET