With the arrival of USB-C a few years back, plugging into laptops, tablets and smartphones became even easier than before. Users no longer had to worry about which way up the cable needed to be before pushing the 24-pin connector into a device's port, and could also look forward to fast data transfer and power delivery too. But there are potential security risks. The USB Type-C Authentication Program launched today aims to address such issues.
Trustingly plugging a USB charging cable into any available public port can leave your device open to attack from hidden malware, could cause permanent damage from a power surge and may even open the door to your personal or business data.
The new protocol from the USB Implementers Forum (USB-IF) can be used to validate the authenticity of a cable, charger or hardware at the moment of connection, and stop attacks in their tracks.
The USB-IF has chosen DigiCert to operate registrations and certificate authority services for the new specification, which makes use of 128-bit cryptographic-based authentication for certificate format, digital signing, hash and random number generation.
"USB Type-C Authentication gives OEMs the opportunity to use certificates that enable host systems to confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors, capabilities and certification status," said DigiCert in a press release. "This protects against potential damage from non-compliant USB chargers and the risks from maliciously embedded hardware or software in devices attempting to exploit a USB connection."
At launch, the program is optional but with more and more manufacturers including USB-C connectivity on their devices, it's a welcome addition to the security toolkit.
Source: USB-IF