Security Question

[way77]

I ordered a Huion graphics input pad. You have to download the driver from their website. Upon installation it requires Accessibility access under Security & Privacy in system pref. I stopped there and deleted the app.

Is this truly a potential security issue? I prechecked before and after with anti-virus programs and found nothing but the worry remains. Like the hardware, the software I don't trust.

Also why can't Apple limit apps like this to specific programs (e.g. Photoshop, Affinity) instead of giving them system wide access?

 

[bogdanw]

The accessibility features of macOS make possible the use of such devices, so their applications have to request accessibility permission to run properly.
"How to Install Huion Driver on MacOS" https://support.huion.com/en/suppor...01854273-how-to-install-huion-driver-on-macos

 

[SecuritySteve]

From a security perspective, granting accessibility permissions only allows the device to gain access to physical I/O privileges. Generally, when attackers want to gain privileges on a system they are looking for ways to get from standard user to admin or higher.

The only attack vector that an attacker can leverage when you give accessibility privileges for a device like an input pad is by physically being present at your computer and manipulating the I/O (probably destroying) your input device. So if you're not worried about local attackers you don't need to worry about accessibility privileges for peripheral devices.

There is probably an exception to be made for remote attacks against cameras specifically, but that doesn't apply to this case.

 

[bogdanw]

Accessibility permissions can be abused for keylogging, but only lame malware will ask you for consent.
https://objective-see.com/blog/blog_0x2A.html

 

[way77]

Accessibility permissions can be abused for keylogging, but only lame malware will ask you for consent.
https://objective-see.com/blog/blog_0x2A.html

Could they install some type of hidden keylogging if one grants them accessibility?

 

[way77]

From a security perspective, granting accessibility permissions only allows the device to gain access to physical I/O privileges. Generally, when attackers want to gain privileges on a system they are looking for ways to get from standard user to admin or higher.

The only attack vector that an attacker can leverage when you give accessibility privileges for a device like an input pad is by physically being present at your computer and manipulating the I/O (probably destroying) your input device. So if you're not worried about local attackers you don't need to worry about accessibility privileges for peripheral devices.

There is probably an exception to be made for remote attacks against cameras specifically, but that doesn't apply to this case.

Could they install some type of hidden keylogging if one grants them accessibility? Would anti virus software detect this?

 

[bogdanw]

Could they install some type of hidden keylogging if one grants them accessibility? Would anti virus software detect this?

In theory, everything is possible. But I don’t see why they would destroy their business with such a thing.
Download the software only from the official site, you can scan the dmg on https://www.virustotal.com/ and you can easily prevent the app communicating over the Internet with a firewall.
If you don’t use it everyday, you can delete the permission form System Preferences or from Terminal with

sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "delete from access where client='com.huion.HuionTablet' and service='kTCCServiceAccessibility';"

 

[way77]

In theory, everything is possible. But I don’t see why they would destroy their business with such a thing.
Download the software only from the official site, you can scan the dmg on https://www.virustotal.com/ and you can easily prevent the app communicating over the Internet with a firewall.
If you don’t use it everyday, you can delete the permission form System Preferences or from Terminal with

Thanks for the reply and the link. Do you mean turning accessibility on and off? For firewall, which is on, do you mean toggling app on and off via firewall options?

I checked out Objective-See. Looks like an impressive knowledge base for this kind of thing, though most of it is Greek to me.

 

[bogdanw]

Do you mean turning accessibility on and off?

Yes, unchecking or deleting the Huion app from System Preferences – Accessibility. You can check/add it again when needed.

For firewall, which is on, do you mean toggling app on and off via firewall options?

Using a firewall, like LuLu https://objective-see.com/products.html or Little Snitch https://www.obdev.at/products/littlesnitch/index.html, to block all connections that the Huion app might initiate.