This is a mostly useless article. Every computer with USB ports has this problem. If you want to use it as, you know, a computer, you're probably gonna need to plug some stuff into it at one time.<p>You could make the argument that now that it has one port, it's easier to secure because you only have to secure one side of the computer instead of two.
I upvoted, because it's a good thing to be aware of, but I don't think you can call this a "major" security risk. It's not like you're going to see a million people get attacked by a single charger cable out on the internet.<p>If you're someone who has a lot of really sensitive data on your laptop, sure. But, then, most of those people are probably not all that interested in the MacBook, and at any rate they should already be pretty cautious about physical access to the sensitive machine.
The article (especially the headline) implies that the new Macbook is somehow more at risk because of its reliance on one USB port. But if the root of the problem is USB more generally, wouldn't the only "secure" design preclude the inclusion of any USB ports whatsoever? My issue with the article is that by singling out the Macbook (due to its single port) they are not actually contributing any useful information back to the consumer about its potential security. If I'm missing something, I would appreciate clarification.
This is written like it is a novel situation. Smart phones have had this problem almost since inception.<p>Would be nice to see a hardware switch to deactivate the pins that aren't needed for power.
USB Type C does not support DMA as the article states. I think there might be some confusion on the attack vector here. BadUSB requires cooperation from the OS/BIOS/a driver.
I have a similar concern with charging my phone using USB ports in public places. Got a reminder last week while returning from an international trip. The plane had both power outlet and USB port for charging (Really glad they had them there). To charge my phone, first I connected to USB port (since I had the cable handy)and surprisingly got a message about authorizing the computer etc. I had the power adapter as well so pulled it out and charged using it instead.<p>We need a way to give us assurance that port is in just power mode.
Isn't USB-c more secure because it doesn't have DMA like Thunderbolt does?<p>I've seen several articles on HN in the past year that detail serious compromises that are possible via just plugging in a Thunderbolt cable.
"On a standard machine, users worried about USB attacks could simply tape over their ports"<p>^^ Oh yeah, that would do it. Damn Apple for disabling the tape-over fix!