New USB-C Security Protocol to Protect Connected Devices From Malicious USB Sticks, Chargers
USB-C cables could soon come with built-in security thanks to a new authentication protocol.
According to a new report from Engadget, the USB Implementers Forum (USB-IF), an organization dedicated to advancing USB technology, has laid out plans for a cryptographic-based 128-bit authentication system to help defend against non-compliant USB chargers, USB sticks laden with malware, and other similar dangers.
The USB Type-C Authentication Program implements a standard protocol to be able to identify and authenticate certified USB-C chargers, devices, and cables, and this security verification happens the moment the device or cable is plugged in.
“Any host system using this protocol will be able to confirm the authenticity of a device or charger, including descriptors and capabilities, right at the moment a connection is made,” reads the report.
In other words, if one was concerned about charging one’s phone at a public terminal, said phone could implement a policy that only allows charges from certified chargers. Additionally, a company would be able to set a policy for its PCs that only allows them to read verified USB devices.
“USB-IF [USB Implementers Forum] is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,” USB-IF President and COO Jeff Ravencraft wrote in a media advisory. “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”
At the current time, participation in the authentication program is optional for OEMs. However, it would not be surprising for hardware makers working in sensitive industries to quickly accept and adopt the standard.