USB Type-C Authentication Program will help protect against non-compliant USB chargers
USB Type-C is the standard in most Android smartphones these days. We’re also seeing USB-C in more tablets, Chromebooks, and other devices. In the early days of USB-C (and still some today), there were a lot of issues with bad chargers and cables. The USB-IF standards body has announced a program to help protect against bad accessories.
With the arrival of USB-C a few years back, plugging into laptops, tablets and smartphones became even easier than before. Users no longer had to worry about which way up the cable needed to be before pushing the 24-pin connector into a device’s port, and could also look forward to fast data transfer and power delivery too. But there are potential security risks. The USB Type-C Authentication Program launched today aims to address such issues.
Trustingly plugging a USB charging cable into any available public port can leave your device open to attack from hidden malware, could cause permanent damage from a power surge and may even open the door to your personal or business data.
new protocol from the USB Implementers Forum (USB-IF) can be used to
validate the authenticity of a cable, charger or hardware at the moment
of connection, and stop attacks in their tracks.
USB-IF has chosen DigiCert to operate registrations and certificate
authority services for the new specification, which makes use of 128-bit
cryptographic-based authentication for certificate format, digital
signing, hash and random number generation.
Type-C Authentication gives OEMs the opportunity to use certificates
that enable host systems to confirm the authenticity of a USB device or
USB charger, including such product aspects as the descriptors,
capabilities and certification status,” said DigiCert in a press release.
“This protects against potential damage from non-compliant USB chargers
and the risks from maliciously embedded hardware or software in devices
attempting to exploit a USB connection.”
launch, the program is optional but with more and more manufacturers
including USB-C connectivity on their devices, it’s a welcome addition
to the security toolkit.