monoprice31usbcusbccable130031100577830orig

New USB-C authentication spec protects against malware and shoddy chargers

The battle against “bad” USB Type-C cables has a new ally: The USB 3.0 Promoters Group. The coalition—made up of tech company heavyweights including HP, Intel, and Microsoft—announced the USB Type-C Authentication specification on Tuesday. The new spec will allow devices to confirm the integrity of a USB-C charger, cable, or device before allowing data or significant power to run through it.

The new capability lets a device check a variety of items about a charger or cable’s credentials, including its descriptor, capabilities, and certification status. The process will use 128-bit cryptographic signatures for authentication.

Protecting against inappropriately designed USB chargers is only one focus of the new specification. It’s also meant to protect against malicious hardware or software attempting to deliver an exploit via USB.

It’s not clear when we can expect device and peripheral makers to start building the authentication into their products. Once it is running, the USB 3.0 Promoters Group imagines a number of scenarios where the new specification will come in handy.

If you’re concerned about charging your phone at a public terminal, for example, your handset can be set to only allow power from certified chargers. Or, an IT department could use the technology to allow only verified USB storage devices to interface with company PCs.

The story behind the story: The new authentication specification comes several months after Google engineer Benson Leung began fighting against shoddy USB-C cables. Since November, Leung has been reviewing Type-C USB cables—including Type-A to Type-C—and calling out those that aren’t up to “code” and have the potential to harm your device. In late March, Amazon also joined the fight by blacklisting non-compliant USB-C cables. Now with the new authentication specification, it should become even easier to avoid poorly developed cables that have the potential to harm your gear.

IDG Insider

PREVIOUS ARTICLE

« Microsoft, Samba Badlock flaw not critical, but serious enough

NEXT ARTICLE

63% Off Etekcity Digital Infrared Thermometer Temperature Gun - Deal Alert »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Poll

Do you think your smartphone is making you a workaholic?