If you're using a Magic Keyboard, you've opened up an attack vector
A researcher has found ways to enter type on your Mac, iPad, or iPhone without your permission, if you're connected to a Bluetooth Magic Keyboard.

An Apple Magic Keyboard
Being able to connect keyboards wirelessly is the enormous boon of Bluetooth -- but Bluetooth has never been the most secure of technologies. Now researcher Marc Newlin has revealed a new vulnerability that easily affects macOS, iOS and iPadOS users.
Newlin says he had been investigating and then reporting unauthenticated Bluetooth keystroke-injection vulnerabilities in macOS and iOS for some time. "At this point," he writes in a blog post, "I still thought Bluetooth was probably okay-ish, but the mirage of Apple security was starting to fade."
"When I found similar keystroke-injection vulnerabilities in Linux and Android, it started to look less like an implementation bug, and more like a protocol flaw," he continues. "After reading some of the Bluetooth HID specification, I discovered that it was a bit of both."
Newlin reported the vulnerability to both Apple and Google in August. Apple has yet to respond.
According to Newlin, the "vulnerabilities work by tricking the Bluetooth host state-machine into pairing with a fake keyboard without user-confirmation."
"The underlying unauthenticated pairing mechanism is defined in the Bluetooth specification," he continues, "and implementation-specific bugs expose it to the attacker."
It doesn't take much to execute the attack. Newlin says that all it takes is a Linux device, and any Bluetooth adapter for hardware.
What this all means is that once a hacker is faking the Bluetooth connection between your Magic Keyboard and your Mac, they can enter keystrokes at will. They obviously can't do anything that requires user authentication with a password or a Touch ID verification, but otherwise they can launch apps, read messages, and download files.
How to protect yourself from unauthenticated Bluetooth keystroke injection
So far, there is no fix in macOS or iOS, despite the researcher reporting the vulnerability to Apple in August. The easiest way to protect yourself if you're concerned about a Linux-based man-in-the-middle attack like this is to turn off Bluetooth.
Alternatively, a wired keyboard can be used while Bluetooth is on, assuming that there aren't any Magic Keyboards paired.
Additionally, attentiveness will alert the user that there's potentially a problem. If a user authentication dialog pops up as a result of the injection, be certain what it's for.
Keystrokes are not invisible, and the keystroke injection actions should be visible to the user.
Read on AppleInsider
Comments
1. me and my iMac in my home office
2. me and my iPad (with Smart Keyboard Folio for iPad Air (5th generation))
?
No security is 100%, but vulnerabilities that require elaborate schemes to exploit them are low-probability problems.
In person targeted attacks are extremely rare and there are a million ways to carry out if going to this extent. Since it requires the attacker to be with you it would get outsized police action if they are caught as opposed to an anonymous hacker online.
It’s worth pointing out that this alleged “attack” can only work if the attacker is within 30 feet of you — so at home this is probably a complete non-issue, and even in public you’d probably only be a real risk if you were attended a black-hat hacker convention, or a Starbucks in Silicon Valley.
I concur with AppleZulu about the risk factor on this. Good to be aware of the vulnerability, very VERY low odds of it being a practical thread in the real world.
"Newlin says that all it takes is a Linux device, and any Bluetooth adapter for hardware" covers the attack vector and how it's executed. The text says what the attack can do, and can't.
Who wants cords laying around their nice desk?
Cords knock things over.
Cords limit your ability to effortlessly move the keyboard to your lap and recline.
Honestly, for me, the worst thing about wireless stuff is you have to always wonder if it's charged enough.
Trackpad, not a problem.
I like a wireless keyboard because I'm not always sitting at the desk and like to watch video from a relaxed posture. Wires just impeded that. A wired keyboard is handy for troubleshooting ie booting into Safe Mode and needing the onboard USB ports in some instances. Also handy if the wireless keyboard needs charging. That would be a first time for me if that ever happens.
Apple doesn't offer wired anymore? That's a little disappointing but I prefer an illuminated keyboard anyway as I'm only a 90% touch typist. 95% if the keyboard has a 10-key.
I notice on my Mac that it greys out the Bluetooth Connection for the keyboard though it still has the icon coloured blue.
Is it still using Bluetooth for communication or is it using the USB cable?