Macs not vulnerable to BadUSB attack

TidBITS reported on the BadUSB vulnerability.

“The new MacBook’s single port comes with a major security risk,” proclaims The Verge. Gizmodo took The Verge’s story a step further with, “The NSA Is Going to Love These USB-C Charging Cables.” So what’s the big deal, and is there any fire behind all this hot air?

These articles are pure clickbait. The main exploit in question, called BadUSB, was discovered 8 months ago. In theory, it could be used to attack most USB devices, including Macs, iPads, Windows PCs, and more. But making it seem like the new 12-inch MacBook, and to a lesser degree, the new Chromebook Pixel, has some sort of new vulnerability because of using USB-C is disingenuous at best.

Gizmodo seems to believe the 12-inch MacBook is vulnerable to this direct attack, even going so far as to suggest that the NSA will distribute hacked USB-C power adapters designed to take over your notebook. But unlike Thunderstrike on vulnerable Macs (see “Thunderstrike Proof-of-Concept Attack Serious, but Limited,” 9 January 2015), the USB port uses Intel’s xHCI (eXtensible Host Controller Interface), which can’t be placed into a DFU (device firmware upgrade) mode to overwrite the MacBook’s firmware. Thus the MacBook itself can’t be infected with BadUSB, so plugging in an unknown power adapter can’t give someone control of your MacBook.

Anything to pull eyeballs to their sites.
