One of Han Solo's trademark lines was "I've got a bad feeling about this." Ever since I started thinking about getting the 2018 i9-based, 32GB MacBook Pro, I've been having a bad feeling, but I couldn't put my finger on what it was.
Plus there's the lack of ports. I make active use of the USB 3.0 and Thunderbolt ports, as well as the SD card slot on my 2015 i5-based MacBook Pro.
But it's not any of those concerns. I'm aware of them. It's been something else. Something serious. Something that can be trouble for any modern MacBook Pro user. But for weeks, I haven't been able to identify what was causing the tickle on the back of my neck.
Then, last night, as I plugged my current MacBook Pro into its snuggly MagSafe 2 power connector, I thought, "I'm going to miss the convenience of this." And then it came to me.
It's the USB-C ports. Because of the USB-C ports, all MacBook Pros introduced since late 2016 are inherently unsafe. Likewise, all of the 12-inch MacBooks introduced since 2015 are inherently unsafe.
It's all about the power
Okay, follow along with me. With my 2015 MacBook equipped with a MagSafe port, if I want to charge the machine, I just plug it in. There's no risk of a data connection. As long as I have networking off and nothing plugged into any of my ports, I'm safe. I'm air-gapped from the rest of the world.
MacBooks before 2015 and MacBook Pros before 2016 could charge without any risk, as long as everything else was off, empty, or disconnected.
For other smartphones, the problem is similar, although most phones used micro USB connectors, and now, most use USB-C connectors.
From a security point of view, wireless charging, like that on the newer iPhones and Galaxy S9, can be a substantially safer way to go, because you're able to charge the devices without ever plugging in a data-capable cable.
Of course, at least for Android devices, there are still serious malware threats that can enter the device via text, email, browsing, and p0wn3d apps, but at least one path of least resistance can be closed up.
In Europe, though, USB-C could be a real problem. The EU is considering mandating a switch to USB-C as the standard connector for all phones.
While this type of standardization does have its benefits, if the EU extends its USB-C demands to notebook computers, those computers that still charge with external, dedicated charging connectors might be forced to use a data-capable connector for charging.
While Apple has moved all its notebooks to USB C-based charging, many Windows-based laptops can still be air-gapped while charging.
Why worry about this
I kind of like to use the adapters and dongles that come with the products I buy. Maybe you do, too. At this point, though, I'm willing to bet that most of us have a bin of dongles, adapters, and cables of uncertain origins. It's not unusual to borrow cables, dongles, and chargers when we're caught with our batteries down.
That was all well and good back when MacBooks required Apple-made chargers. Even then, there were aftermarket providers. But now, you're expected to plug your USB-C adapter into a MacBook Pro on one side, and into a possibly random USB charger on the other. That's where the trouble begins.
As far back as 2013, CBS News reported on fake Apple chargers (in this case, for iPhones). Last year, I wrote about how USB chargers are available that not only charge devices, but spy on you. Spying isn't the only problem. Many of the fake brand name or inexpensive aftermarket chargers are unsafe as well. Such chargers can cause shocks or even fires.
The performance date of the contract shows that the award period was between June and September 2016. Since the first USB-C equipped MacBook Pros were announced in October of that year, and volume shipping took until December, the DoD may have been delivered pre-USB-C devices. On the other hand, since nothing in the government runs on time, it's entirely possible that thousands of those machines plug into the wall via a USB-C connection.
The scenario is troubling. All that has to happen to corrupt some of these massive deployments is the substitution of a USB charger. Even if every other precaution has been taken, the mere necessity of keeping the devices charged up puts machines at risk. Prior to the USB-C-only MacBook Pros, at least charging the device wasn't a possible hacking vector.
As for your phones -- especially if you work in a high-securty environment -- you, too, would do well to buy your USB adapters directly from Apple. If you're in the DoD, the White House, or in an environment where a hack could be devastating, toss out those no-name imported adapters and buy your dongles from the vendor who makes your phones.
Beyond dongles and adapters, there's a wide range of best practices for keeping your devices safe. That's beyond the scope of this article, but read around on ZDNet, TechRepublic, and CNET for tons of great advice.
Once again, David Gewirtz puts on his mystical prognostication hat (okay, fine, he launches Excel) to delve into Apple announcement history. Will we see new Macs, iPads, and whatnot in October? There's a pretty good chance, and we'll even tell you what dates to write in your calendar.