Mobile Technology

USB Type-C Authentication Program launched to protect your devices

USB Type-C Authentication Prog...
Protection from non-compliant USB chargers is on the way
Protection from non-compliant USB chargers is on the way
View 1 Image
Protection from non-compliant USB chargers is on the way
1/1
Protection from non-compliant USB chargers is on the way

With the arrival of USB-C a few years back, plugging into laptops, tablets and smartphones became even easier than before. Users no longer had to worry about which way up the cable needed to be before pushing the 24-pin connector into a device's port, and could also look forward to fast data transfer and power delivery too. But there are potential security risks. The USB Type-C Authentication Program launched today aims to address such issues.

Trustingly plugging a USB charging cable into any available public port can leave your device open to attack from hidden malware, could cause permanent damage from a power surge and may even open the door to your personal or business data.

The new protocol from the USB Implementers Forum (USB-IF) can be used to validate the authenticity of a cable, charger or hardware at the moment of connection, and stop attacks in their tracks.

The USB-IF has chosen DigiCert to operate registrations and certificate authority services for the new specification, which makes use of 128-bit cryptographic-based authentication for certificate format, digital signing, hash and random number generation.

"USB Type-C Authentication gives OEMs the opportunity to use certificates that enable host systems to confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors, capabilities and certification status," said DigiCert in a press release. "This protects against potential damage from non-compliant USB chargers and the risks from maliciously embedded hardware or software in devices attempting to exploit a USB connection."

At launch, the program is optional but with more and more manufacturers including USB-C connectivity on their devices, it's a welcome addition to the security toolkit.

Source: USB-IF

2 comments
christopher
Fake claims - malicious circuits can easily hijack a legit cable so there's no way this can provide any "security" protection - in fact it's the exact opposite - what's your PC supposed to do when it get a USB-C cable that doesn't respond? Block it being used, right? And what's the only working way to stay secure? Block the data, right [e.g. "USB condom"]? So this dumb idea is going to make everyone more vulnerable, not more safe!
Tyson Clugg
Does anyone else share my scepticism of the real intentions for this new standard? The security aspects are indeed fantastic, but I fear this might be used by some manufacturers to enforce vendor lock-in on laptop and phone accessories. Will the next gen iPhone refuse to charge via the USB port built into the dash of my car?