USB-C could soon offer protection against nefarious devices
The 'cable of the future' gets its own security protocol.
USB chargers and devices are universally accessible and easy to use, but they come with a host of potential security risks, namely the spread of malware from infected devices, and data leakage should a device fall into the wrong hands. Now, the USB Implementers Forum (USB-IF) -- the big dog in the advancement of USB tech -- has launched its USB Type-C Authentication Program, which will help mitigate these issues.
The program defines the optimal cryptographic-based authentication for USB-C devices and chargers. Any host system using this protocol will be able to confirm the authenticity of a device or charger, including descriptors and capabilities, right at the moment a connection is made. So say, for example, you're concerned about charging your phone at a public terminal. Your phone could implement a policy only allowing a charge from certified chargers. A company, meanwhile, could set a policy for its PCs, giving them access only to verified USB storage devices.
At this stage, the program is simply a recommendation -- there's no mandatory implementation required, but its creation certainly points to future security requirements for USB-C, which USB-IF president Jeff Ravencraft believes is "the single cable of the future." Indeed, as more product manufacturers adopt USB-C, nefarious individuals will be looking for ways to exploit their vulnerabilities, so the guidance marks an important contribution in enabling a secure system of compliant, interoperable products.
