Free Software Will Help Detect Faulty and Malicious USB-C Cables
Reader Mickeycaskill writes: The USB 3.0 Promoter Group, of which HP, Intel and Microsoft are members, has developed authentication protocols for USB-C and will offer free software to detect faulty or malicious cables. This tool will alert users if they are using a non-authenticated cable. It has been suggested that hardware manufacturers could ship devices with an authentication system already installed. It is hoped that the specification will help end a number of recent incidents where sub-standard cables have either ripped off buyers or damaged devices. Most recently, Amazon said it would be adding USB-C cables and adapters that do not comply with standard regulations to its list of prohibited electronics items.
Apple can use this to lock in
$20-$30 cables
$30-$50 USB3 TB / MINIDP to DVI / VGA / HDMI.
$20 USB3c to USB.
$30 USB3 to GIG-E.
Why bother to name those particular three?
XML is like violence. If it doesn't solve the problem, use more.
Nah, you just use a low voltage and current until it's authenticated
What I don't get is couldn't anyone just read the spec and make an "authenticated" cable?
'Non-authenticated cables'?! what dystopian hell have I awoken in?!
Apple already has a hardware-based authentication baked into the MacBook that supports USB-C, so this software-based approach won't really change anything for them. All it may do is help USB-C become more widely-adopted, which is something we should all want, given the benefits it provides over its predecessors.
As for Apple making ridiculously expensive dongles and adapters, they'll do that regardless of any sort of lock-in. Just look at Lightning cables. You can buy MFi (Made for iPhone) Lightning cables from Amazon Basics or other third-parties that are fully licensed and certified, yet Apple still sells their own Lightning cables for significantly more. This authentication protocol doesn't change a thing as far as Apple adapters and dongles go.
Which is nice until someone [exploits these cables to] delete all your cat photos.
No, you're thinking of Cat Negative One cables.
Er what? You do realize that Apple already owns the patents and designs to their own Lightning cables right? As such they can change whatever they want for their own cables. You also realize that USB C is an industry standard controlled by consortium company that Apple does not own as well, right? How the hell can Apple lock in someone else's standard, again? Sure Apple can charge $20 for USB-C cables like Monster charges $100 for an HDMI cable but that does not make it a lock-in.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I think that's the point, read the spec and make a cable to the spec, i.e. a good cable. Or do you mean just read the bit of the spec that does the authentication and then still use bad wire? Probably not worth the effort of only doing half a decent job rather than going the full way, hopefully anyway.
People get tired of USB being affordable and pine for a more Firewire-type system?
Why are we hoping for authenticated cables?
http://lkml.org/lkml/2005/8/20/95
For me, this currently seems like a joint venture of trying to get cheap competition out of the market: you must join the cartel in order to be "certified", but once you are, you can do what you want.
There is no additional protection for the user who doesn't trust that cartel.
What about not auto-mounting a smartphone? You don't need to mount anything when you connect to a charging device. Also helps if you connect your smartphone to a stranger's computer to charge it.
You would still need encryption if you indeed want to protect from malicious USB cables between the smartphone and the device, but the only secure way to do it is how adb does it: with device unique private keys for both devices, and asking for authorisation at the smartphone's side. Very simple.
It can be even improved by displaying a QR code at the screen of the laptop/PC, you only need to scan it with the smartphone, done.
So the cables are deliberately causing fault or do you mean the manufacturers? It's hard for me to believe that an inanimate object has malicious intent.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
What problems do non-authenticated cables cause?
when your cables need to be "authenticated"....
Honestly, everyone bitches about Apple, but the rest of the world is doing the same fucking thing. My cable should not have to authenticate to anything, and should just contain plastic, metal connector pins and copper wires to take it to the other end.
Do not look at laser with remaining good eye.
just don't try using crossover cables! it may convert your cat into a dog.
--
"It is now safe to switch off your computer."
If the cat feels it really should be a dog there is nothing wrong with that.
Proprietary, vendor-approved cables only?! Take My Money!!!
to save a couple cents worth of clamping diodes and fuses per USB port...
USB has become successful because it was cheap and simple to use and cheap and simple to manufacture. It seems to me that USB-C is getting further and further away from that by the day. Maybe different use cases require different solutions, maybe there is no such thing as a 'one universal cable' that can combine the advantages of all the others without the disadvantages. It seems like USB just wanted to replace Lightning on Apple stuff, and does not care about PC users who don't have a fortune to waste on a piece of wire. Which is not even just wire anymore, it contains its own electronics, losing all the elegance and simplicity that made USB great.
How useful is this? It seems like it would lock out competing low-cost cables while not dealing with the really bad ones. If a cable has a fault which will fry your computer/port, software isn't going to help much by that point.
A hardware device might work better.
No. No, no, no!
The *LAST* thing we need is a USB cable with active components in it. It's almost bad enough that some charging cables have a small resistor in them, because now there are a million different standards of them.
Also, if the ground and power wires are swapped at one end like the cable that killed the Chromebook of that Google employee, then no software is going to help at all. As soon as you plug it in, it will already have damaged your hardware.
Here is what we *DO* need: USB cables that are transparent so you can SEE the colors of wire going to the pins of each connector. *THIS* is what will prevent damage due to bad cables. Your "software" is not needed, and wouldn't help anyway.
There have been bad cables out there that put in the wrong spec resistor or are otherwise mis-wired. However, I don't agree that "authenticating" the cables is the answer. The word "authentication" implies that there will be key exchanges involved, which puts all the pieces into place for vendor lock-in (i.e. LG devices only charge with LG certified cables, etc... ), not to mention additional cost and complexity. I for one already have a selection of USB-C compliant chargers and cables (yes, using Benson's spreadsheet). Will those be accepted by new USB-C devices supporting this specification? Will there be a supply of cheap USB-C cables that support this "authentication" AND work with every device vendor? I doubt it on both accounts. I prefer Benson's approach of shaming the vendors that don't follow the spec.
It isn't even widely adopted yet, and it's already causing a massive clusterfuck.
Why did they have to make the standard so stupidly complicated? What were they thinking?
> If the cat feels it really should be a dog there is nothing wrong with that.
But should it still use the litter tray?
You're factually wrong on so many counts that it's not even funny.
A) The cables you're comparing are different lengths. 1m for the "Apple" cable vs. 2m for the Amazon cable. No wonder it's cheaper.
B) That "Apple" cable is being sold by a third-party via Amazon. Apple doesn't sell a single one of their products directly via Amazon. Buyer beware.
C) To compare apples to Apples, an actual 2m Apple cable costs $29 ($19 for 1m), not the $7.50 you suggested it was.
D) If you want to whip out your Apple e-peen to see if it's bigger than mine, I'd wager good money I have you beat. Macs have continuously been my primary computers since the late '80s. A Mac Classic, Performa 400, PowerMac G3 300, Titanium PowerBook DVI, HiRes Aluminum PowerBook, 2008 Mac mini, 2011 Mac mini. My wife uses them, my parents use them, my siblings use them, and my wife's siblings and parents do too. Likewise for phones and tablets: iPhone 3G, iPhone 4, iPhone 5s, iPad 2, and iPad Air 2. I could list off Time Capsules, Airport base stations, and other accessories too, if you'd like.
I use Apple products on a daily basis and absolutely love them (we're planning to buy an iPhone SE this weekend, in fact, assuming they're in stock), but there's no (sane) way to deny that actual Apple dongles and cables are far more expensive than their generic counterparts. It's no different than the advice we'd give people about BTO RAM upgrades: do it yourself after buying from a third-party.
So, as someone whose love for Apple likely runs far deeper than yours: stop with the lies and misinformation, since it makes us all look like we have no clue what we're talking about.
If "cables" are going to have authentication chips and whatnot inside them, they're not really just cables any more, are they? They're more like a third device to put between two other devices.
Do they really have to be so much more than just a certain number of pins in a certain pattern connected to the same at the other end by conductive material?
systemd is Roko's Basilisk.
I think a part of the problem with USB-C is that it can handle up to 100 watts of power delivery! If your cable is of questionable quality or has issues, messing up 100 watts of power can definitely break things or cause a fire. I think Amazon decided to go the safer route instead of destroying equipment or causing fires.
It's not an authentication chip. It is just a chip that reports what the cable can do. If they didn't do it this way you would either have to design every cable to be able to deliver 50W of power and superspeed channel buffers, or you'd have to come up with a different scheme - such as the variable resistor values used before - to indicate what the cable can do. This also gets complicated fast, and is not easily extendable in the future. The active cable protocol is quite simple, and makes the whole system much more useful. Also, if you don't want any of the advanced features (super speed, high power delivery) then the spec supports passive USB-C cables.
the Amazon cable is twice the length.
And you missed the reply which showed that the Amazon cable was twice as long and pointed out that the "Apple" cable was not actually sold by Apple and, likely, counterfeit, linking to the actual Apple cable which sells for $11 more than the Amazon cable (which is still twice as long), or $21 more for the same length.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
If computer stores could buy a good, reliable cable tester - one that tested the actual hardware for compliance with the actual spec - for under $100, it would make a great marketing tool.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
i can't wait until best buy starts selling high quality 3' 1000$+ usb cables. google "expensive hdmi cable best buy" if you really are unaware.
The only thing I want in a CABLE besides wires and insulation and maybe a matching transformer or other "if it's not there it won't work" things are safety systems, such as a fuse or idiot-proof/keyed endings/pinouts.
If it's got anything else, it deserves a title more glorified than "cable." Maybe "adapter" or "connector" or "extender" (think USB-2 extension cables with button-batteries in them to boost the signal) but not a lowly term that implies simplicity like "cable."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
> until it's authenticated
Until what's authenticated? That it's a cable? I've read the USB press release and a few other articles and there's no indication anywhere as to what this "authentication" is authenticating. If I take an authentic USB 3.0 cable with authentication and authentically send 10,000 authentic volts down it, does it authentically help the authentic owner of the authentically fried device to know that it's been authentically authenticated?
That will depend a lot on how easy it is to spoof the authentication.
And it makes me wonder if this also could become a way of locking cheaper, but still legit cable makers out of the market.
So, again, much depends on the implementation.
And you are free not to buy their overpriced USB cables. Period.
Well, there's spam egg sausage and spam, that's not got much spam in it.
> And you are free not to buy their overpriced USB cables. Period.
Right up until the point where they use authentication to prevent it from working. Like Dell with their power adapters. (Oh, you didn't pay the dell power supply tax, so your 19.5V can't be allowed to charge the battery!)
There are good reasons for authentication--it's very hard to find USB cables that are actually up to spec. It has cost these companies probably millions of dollars in development time to hunt down bugs related to USB cables that are below spec.
But the solution isn't authenticated cables--it's having a robust cable testing protocol. Authenticated cables are fine and can be helpful, so long as they don't *disable* non-authenticated cables, but on their own they don't solve the underlying problem.
You are thinking about the one that fried some googler laptop.
This has NOTHING to do with it.
It will continue to fry your computer. This has to do with the fact that the cable itself now has a processor, like the Lightning cable, or a USB hub.
This code, which they will force on the kernel upstream I bet, will make sure that the image running there is from some trusted vendor. Something like calling an API getVendorID and then the chip on the cable would return "copyrighted string ABC" so that they can sue manufacturers not paying the USB group fees, while not protecting you at all.
Now, if they had a tester device on the other end and they could try to detect any time skew from data going from one end to another, they could in theory detect man-in-middle attacks, which is all a cable can do... but I doubt that is the case.
A non-authenticated cable isn't necessarily faulty or malicious. I was hoping when I saw the article that the software would do actual analysis and measurement of said cables. Like run traffic or power through them and determine performance.
It doesn't matter one bit if said cable is 'authenticated.' So this is just more DRM shit cloaked as something 'free' and helpful.
There should be a litter tray outdoors, too. To accommodate the cat that insists it's a dog and will only shit outdoors, but also insists on clean clay-based (or clumping, on special request) litter to shit in.
Using Free Software to enforce proprietary hardware is pretty messed up.
Is it even Free(dom) Software? I had a quick look at the article and could only see that it's Free (of charge) Software...of course the two aren't mutually exclusive.
> Free Software Will Help Detect Faulty and Malicious USB-C Cables
Reading the article, I see no relation with "Free Software" mentioned and "Software Freedom."
May be deliberate as how media changed the meaning of "Hacker."
USB Type C cables aren't just wire. "Full-featured type-C cables are active, electronically marked cables that contain a chip with an ID function based on the configuration channel and vendor-defined messages (VDMs) from the USB Power Delivery 2.0 specification." (from Wikipedia).
The non-compliant cables that were being sold on Amazon probably don't contain spec-compliant chips, and that is something the testing software can check. A compliant cable still won't prevent damage if you connect a 10,000 volt source to it, but it will prevent some damage that can happen with non-compliant cables. Other possible problems with the non-compliant cables (that software would not be able to check for) would include out of spec connectors (the connector pitch of USB-C is rather fine so the connectors have to be manufactured to close tolerances) or wire that is too thin.
I presume that authentication would mean plugging both ends of the USB cable into a test device which has a light per cable. If there was any cross wiring, open wire or short, the cable would be rejected.
I am not sure that measurements would include frequency response (capacitance leakages).
Leslie Satenstein Montreal Quebec Canada
I must remember to ask the wife if she has powered up the iPad we were given last year. I certainly don't want to give them my credit card details for that, and I don't think she could handle the user interface.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"