How to manage Thunderbolt & USB security in macOS Ventura
How to manage Thunderbolt & USB security in macOS Ventura
As part of the security improvements in Apple Silicon Macs running macOS Ventura, Apple has made it so that new USB or Thunderbolt devices have to be approved. Here’s how to manage how often you see the requests.
Malware-filled software and rogue files can take control of a computer system and cause major problems. Dangers are a loss of data, data theft, and potential ransom of the system itself.
However, while software security has been the main focus of efforts to educate the public, there are still hardware-based things to consider.
There’s the more obvious issues such as a malware-laden USB drive left in a parking lot, placed to try and encourage a curious employee of a business to use it on a work computer to see what’s on it. But there’s others as well, such as someone quietly putting key-logging hardware onto a computer without the user’s knowledge.
These latter examples require physical access to the Mac to be accomplished, making them rarer to encounter. That doesn’t make them any more dangerous, and so users should remain vigilant about seemingly harmless found drives and other similar things.
Securing against hardware
As part of macOS Ventura’s security enhancements, Apple introduced a new feature that actively prevents communications between the Mac and newly-connected devices that it hasn’t previously encountered. While hardware you regularly connect will be considered as fine to use, items that haven’t been connected to that particular Mac may not be allowed to communicate or share data with the Mac at first.
While arriving in macOS Ventura, the feature will only be available for Apple Silicon Macs, not older Intel-based models.
To use it, you’ll have to deal with a new pop-up that appears on-screen, asking if you want “Allow accessory to connect?: along with the name of the accessory and options to Allow or Don’t Allow, namely to permit the connection or to prevent it from communicating.
If you click Allow, macOS will open up lines of communication with the plugged-in hardware, and data will flow as previously. Clicking Don’t Allow will keep the block on communications in place, but it will allow the device to charge.
The problem that some users may have is that they could grow tired of seeing the same notice repeatedly on their screen. Reasons for this could be knowing that their local computing environment is safe and secure, or believing that they have good security practices away from the Mac that would prevent such activities from happening.
Likewise, especially in corporate environments, it may be worthwhile to make sure the message is displayed whenever you plug anything new into the Mac for enhanced security.
It is possible to configure macOS to not show the warnings as much, or to show it every time something’s connected.
How to change the accessory security pop-up frequency in macOS Ventura
- Click the Apple icon in the top-left corner of the Mac desktop.
- Click System Settings.
- Select Privacy & Security in the left-hand column.
- Scroll down to the Security section.
- Next to Allow accessories to connect, click the dropdown box and select your preferred option.
- Close System Settings.
There are four options in the dropdown box, with varying levels of security. These options are:
- Ask for New Accessories – This is the default option, and will ask you whenever it’s a new and unknown item connected to the Mac. After allowing, the notice won’t appear if you plug the device in again in the future.
- Ask Every Time – Every single time you plug in a device, you will be asked to allow it to communicate, regardless of whether or not you previously allowed it.
- Automatically When Unlocked – You will automatically approve devices that are connected to your Mac when it is unlocked. If the Mac is locked, devices connected to it won’t be approved automatically and will need to be manually allowed.
- Always – Always allow devices to work without needing approval.
Of the four options, Always is the least secure, since it would approve communications for anything connected to the Mac, even if it’s connected while locked and without your knowledge. AppleInsider doesn’t recommend selecting the Always option except in rare circumstances and with strong security procedures in place externally to the Mac itself.