1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

USB Type-C authentication program launches to protect against hardware hacks

By Greg S
Jan 2, 2019
Post New Reply
  1. System administrators have had to take additional precautions over the past several years in order to avoid abuse of USB ports on devices. Today, the USB Implementers Forum has officially launched the USB Type-C Authentication Program that sets standards for improved security.

    When a USB cable is plugged in, there is not currently a good way of determining whether there is anything malicious happening in the background. Hardware modifications to cables allow for some extremely stealthy attacks to be carried out that could be hidden in plain sight.

    For USB chargers that negotiate power delivery with connected devices, there is still a high risk of a malicious person falsifying parameters. This could cause a device to be physically damaged by requesting a voltage that cannot be safely accepted.

    Under USB-IF's authentication program, OEMs will be able to certify that their USB Type-C products are protected against most current attack methods. Certified devices will use 128-bit encryption for authentication to verify that modifications have not been made. DigiCert will be the provider of public key infrastructure and manager of CA program participants.

    Software policies on Type-C devices will be able to restrict USB functions based on certification status. For example, it would be possible to only allow phone charging at public terminals that pass a validation check.

    At the current time, participation in the authentication program is optional for OEMs. However, it would not be surprising for hardware makers working in sensitive industries to quickly accept and adopt the standard. Rest assured that all of the dollar store phone chargers will not be adding any additional protections.

    Image Credit: Kontrymphoto via Shutterstock

    Permalink to story.

  2. Kibaruk

    Kibaruk TechSpot Paladin Posts: 3,766   +1,160

    This is cool and way past due.

    I think that's way under everyone's expectations, however I would have linked to the post about the fried chromebook by using an alternative type-C cable for people to make sure not to buy high powered cables from aliexpress or dollar store.
    Reehahs, senketsu and Clamyboy74 like this.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...