I find it worrying that the side effects of leaving Mullvad enabled are that the keyboard takes longer to wake from sleep. What the hell is going on here?
I mentioned this issue regarding my laptop during the apple server downtime last week. Someone mentioned that the T2 chip connects to Apple during wake from sleep. I'm guessing the keyboard goes through the T2 chip and until the timeout is hit it won't let it through.
I assume this is related to the iCloud 'Find My Mac' feature: whenever a device wakes up one of the first few things it does is update its location on iCloud.
Yes, it is both a security leak and a useful feature: it is useful to find a lost/stolen device as the location will become visible whenever anyone powers it up with access to an internet connection.
I've wondered about the practicality of this for some time, but never came up with an answer. For a device with an always on connection like an iDevice with cell chips, the location can always be updated. However, a locked laptop with WiFi only would need to be unlocked to be told to join an available WiFi network. If I'm someone that is inclined to do something with an Apple laptop with a T2 chip that has found its way to me, I'm not going to allow it to join a WiFi.
As of macOS Catalina, it can piggyback off nearby devices. Even if the device is turned off, it still may be able to broadcast location if there are other devices nearby.
> If I'm someone that is inclined to do something with an Apple laptop with a T2 chip that has found its way to me, I'm not going to allow it to join a WiFi.
So that means you will never use that laptop on a network again?
Its more than that, You can't wipe it at all until you log in with the apple account it was connected to. Rendering a stolen laptop effectively bricked and only useful for parts.
Yes, from what I know the keyboard goes through that chip.
I also think to have heard that in some cases broken keyboards can cause your laptop to not work anymore at all because of this but I didn't remember where I heard this, does anyone happen to know the source/correctness of that?
This is also an issue on always-on VPNs, where the process of verifying keyboard firmware can result in the alarming "Please connect a keyboard via Bluetooth" dialog on even a laptop. It goes away as soon as the verification completes, but is not the fault of Mullvad per se.
I'm aware of this being a well-documented issue starting in Catalina [1], but I wasn't aware there was a definitive answer as to why. Do you have a source for the fact that it's firmware verification?
I wish I did. I just remember it being a huge annoyance.
It does both make sense and seem incredibly buggy. It'd have to be a fairly impressive attack vector that hits the keyboard firmware, but if you did, I suppose you'd have access to the raw key stream to exfiltrate... not curious to see if it applied on my Mac Pro (which just has a WASD keyboard - I don't use the Apple Magic Keyboard), or a MBP without touchbar (maybe this is the firmware, not the keyboard per se). I do know it is demonstrably the VPN at issue - I can disable our always-on device VPN and the problem goes away, but alas, no easily accessible source that says "verification of HID firmware" or similar.
This explains a lot, actually. I travel a lot, so I often deal with very bad internet connection quality. I also often have the problem that my keyboard takes a long time to start working again after sleep mode.
I've even gotten the "you don't have a keyboard plugged in" error message on my laptop (because the keyboard hasn't been detected after ~30 seconds).
