Wednesday, January 2, 2019

USB-C Is Going to Get A Lot More Secure

As more devices move to USB-C for charging and data needs, it’s also becoming more clear that the tech needs improved security. Today, the USB Implementers Forum is announcing one such change with USB Type-C Authentication.

This new security feature will allow devices to authenticate USB-C connections for legitimacy, both on charging and data connections. Once implemented, the device will instantly verify that a connected USB-C device is indeed legitimate, then blocking or allowing the connection accordingly.

So, for example, consider the benefit when using public charging stations. Currently, this is a security risk—once you connect your device, what happens next is generally out of your control. If the station is compromised, your data could be at risk. With USB-C Authentication, however, the connected device could see that the source is a non-compliant charger and immediately block its access to your device before any data is accessed.

RELATED: How to Protect Yourself From Public USB Charging Ports

The USB-C Authentication press release goes into more detail, but here are the highlights of the feature:

  • A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
  • Support for authenticating over either USB data bus or USB Power Delivery communications channels
  • Products that use the authentication protocol retain control over the security policies to be implemented and enforced
  • Relies on 128-bit security for all cryptographic methods
  • Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation

Of course, device manufacturers and operating system developers will need to include support for USB-C Authentication before it offers anything meaningful, and that’s also the biggest downside—this is simply a suggestion at the current time, not a requirement. Hopefully, most manufacturers will see the value in such a system and add it voluntarily.

via BusinessWire

No comments:

Post a Comment