USB Type-C gets authentication to protect against malicious devices

USB-IF announced it will roll out a USB Type-C authentication program to protect against non-compliant USB chargers and USB malware risks.
Written by Campbell Kwan, Contributor

Not-for-profit organisation USB Implementers Forum (USB-IF) announced on Wednesday the launch of its USB Type-C Authentication Program, which aims to provide host systems the opportunity to protect against non-compliant USB chargers and to mitigate risks from malicious firmware in USB devices.

USB-IF's program will confirm the authenticity of a USB device, cable, or charger. All of this will occur right at the moment a connection is made to ensure that no inappropriate power or data is transferred, according to USB-IF.

The not-for-profit will work alongside DigiCert, who will manage the PKI and certificate authority services for the USB Type-C Authentication Program.

"As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices," USB-IF president and COO Jeff Ravencraft said.

Unsafe USB chargers and devices can affect IT systems, with the Guidelines on Cyber Security onboard Ships detailing two cases where USB thumb drives led to cyber-security incidents on board ships.

The USB Type-C Authentication solution will include: a standard protocol of authentication for USB Type-C chargers, devices, cables, and power sources; support for authenticating over either USB data bus or USB power delivery communications channels; products that use the authentication protocol and retain control over the security policies implemented and enforced; 128-bit security for all cryptographic methods; and specification references for existing internationally-accepted cryptographic methods in relation to certificate format, digital signing, hash, and random number generation.

Other organisations have also taken steps to protect their devices from USB issues, with Google adding a new security feature to Chrome OS in December to protect its Chromebook devices from malicious firmware in USB devices.

The new feature, named USBGuard, blocks access to the USB port while the device's screen is locked.

Apple also rolled out a similar feature for iOS in July this year. iOS 11.4.1 included a new feature that required users to unlock their device after an hour of inactivity before allowing any activity over a USB port.
