C to get improved security in fight against malware-laden USB sticks

Isaac Cain
January 4, 2019

Though this issue exists with USB-A, the problem is compounded by the fact that USB-C is created to transfer data, charge devices and connect external displays.

The goal of the program is to create a secure handshake between different USB Type-C devices.

The USB Type-C Authentication Program implements a standard protocol to be able to identify and authenticate certified USB-C chargers, devices and cables, and this security verification happens the moment the device or cable is plugged in.

The Authentication Program launched on January 2 2019, but was not immediately available for manufacturers to use, as the standard has not been completed yet. Eventually, however, USB-C could become as ubiquitous as USB-A (right?!), and that's when this optional security update will be the most beneficial.

The USB-IF notes that the security standard will be optional rather than compulsory - at least initially - and any products which use the authentication protocol will retain control over the way the security policies are implemented and enforced. It can also recognize certificates and capabilities of the connected device (such as an external hard drive). Non-MFi cables can sometimes be risky knock-offs that can damage devices. But now that iPad Pros have USB-C charging, and maybe even future iPhones, it might be good to make it a rule.

More news: Pelosi has a message for Trump: 'Nothing for the wall'

What is USB Type-C?

"DigiCert is excited to work with USB-IF and its CA Program Participants from the industry at large to provide the technical expertise and scale needed for the USB Type-C Authentication Program, and we look forward to implementation", said Geoffrey Noakes, Vice President, IoT Business Development at DigiCert. Using the authentication framework, device makers could block uncertified cables under the assumption they may harm your devices. Moreover, such modifications in the cable are hard to notice, which further makes it too easy to exploit USB devices. This could also be used in enterprise, with a company limiting access to only verified USB-C devices.

The USB-IF might have the best of intentions here, but the program could cause some headaches for consumers.

According to Engadget, the programme will define cryptographic-based authentication for USB-C devices and chargers. Also, an OEM could conceivably use the program like DRM to force you to purchase specific accessories.

This new security feature will allow devices to authenticate USB-C connections for legitimacy, both on charging and data connections.

Other reports by LeisureTravelAid

Discuss This Article