Slashdot Mirror

← Back to Stories (view on slashdot.org)

USB Type-C Authentication Program Launched (newatlas.com)

Posted by msmash on from the bolstering-security dept.

With the arrival of USB-C a few years back, plugging into laptops, tablets and smartphones became even easier than before. But there are potential security risks. The USB Type-C Authentication Program launched today aims to address such issues. From a report: The new protocol from the USB Implementers Forum (USB-IF) can be used to validate the authenticity of a cable, charger or hardware at the moment of connection, and stop attacks in their tracks. The USB-IF has chosen DigiCert to operate registrations and certificate authority services for the new specification, which makes use of 128-bit cryptographic-based authentication for certificate format, digital signing, hash and random number generation.

"USB Type-C Authentication gives OEMs the opportunity to use certificates that enable host systems to confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors, capabilities and certification status," said DigiCert in a press release. "This protects against potential damage from non-compliant USB chargers and the risks from maliciously embedded hardware or software in devices attempting to exploit a USB connection."

133 comments

  1. Lovely. by Anonymous Coward · · Score: 5, Insightful

    So this is going to enable Apple and their ilk to even more aggressively force people to buy their own craptastic cables.
    Good intentions, but I know exactly how this will be used.

    Mark my words, it will be used to oppress the user, not protect them.

    1. Re: Lovely. by Anonymous Coward · · Score: 0

      Not just Apple all manufacturer can now do planned obsolescence on usb cables and usb devices. Yay

    2. Re:Lovely. by Anonymous Coward · · Score: 1

      That was my first thought as well.

      Perhaps the EU will require that manufacturers allow use of non-vendor certified charges/devices with one click or one keystroke and that decision must be remembered for the life of the system so no more prompting will be required.

    3. Re:Lovely. by Anonymous Coward · · Score: 0

      Simple solution:
      Do not give money to companies that violate your freedom and abuse your trust. (i.e. M$, Apple, Google, FB, Twitter, etc.)

    4. Re:Lovely. by DaMattster · · Score: 2

      So this is going to enable Apple and their ilk to even more aggressively force people to buy their own craptastic cables. Good intentions, but I know exactly how this will be used.

      Mark my words, it will be used to oppress the user, not protect them.

      That will be the net effect. It's a stupid program designed to extort people for more of their hard earned money.

    5. Re: Lovely. by Anonymous Coward · · Score: 0

      If the GDPR is any indication, the big players will obfuscate the functionality with a huge, slow loading, floaty popup full of radio buttons.

    6. Re:Lovely. by Anonymous Coward · · Score: 0

      That works until they're a monopoly and you have no choice because everyone is doing it.

    7. Re: Lovely. by Anonymous Coward · · Score: 1

      My Super Monster Gold-Plated USB Type-C cable is working just great! It was only $500, but well worth every dollar. The manufacturer specifications state each cable is hand crafted using only the best children's tears and wrapped in bald eagle feathers.

    8. Re:Lovely. by Anonymous Coward · · Score: 0

      Because everyone is doing it? Found the sheep.

      I haven't used anything from Microsoft, Apple, Google, Facebook or Twitter in over a decade, with the two exceptions being Google Maps (for when OpenStreetMaps isn't being accurate) and the Common Unix Printing System. My social, professional and personal lives aren't suffering or held back as a result.

      Good luck kicking your smoking addiction, though. I'm just going to assume you have one, because everyone is doing it!

    9. Re: Lovely. by Woeful+Countenance · · Score: 1

      My Super Monster Gold-Plated USB Type-C cable is working just great! It was only $500 ....

      Ha! My $8,500 Ethernet cable sneers at your $500 USB cable! (They also have a 1.5-meter USB cable for $700.)

      Some people just have Too Much Money, and the rest of us have a moral obligation to held relieve them of some of it.

    10. Re: Lovely. by Anonymous Coward · · Score: 0

      Nice... you must really hear the clarity of each 1 and 0 that's transmitted over those! :)

    11. Re:Lovely. by arglebargle_xiv · · Score: 1

      It's not even that, it's not "authenticating" anything except that the device vendor paid DigiCert for a certificate. Like web site certificates, it tells you absolutely nothing about the safety of the thing you're connecting to, merely that someone, whether it was a legit organisation or a hacker with a stolen credit card, decided to spend money for a certificate to lull you into a false sense of safety.

    12. Re:Lovely. by Agripa · · Score: 1

      So this is going to enable Apple and their ilk to even more aggressively force people to buy their own craptastic cables.
      Good intentions, but I know exactly how this will be used.

      Mark my words, it will be used to oppress the user, not protect them.

      It will not make any difference. One of the first USB-C ASICs advertised included DRM for the charging as a feature. Authentication was built into the standard.

  2. Authorized Devices Indeed by Mia+Yuuki · · Score: 5, Insightful

    I can see it now. I am sorry, the certificate on your charging cables does not match the approved list on the phone and thus you need to order a new charging cable from the vendor. Oh, and if you persist in trying to use the non-approved cable from Amazon, we will be forced to void your warranty. Remember kids, only use Vendor OEM USB Devices. Everyone else is just a crook.

    1. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 5, Insightful

      Worse: "The certificate for your otherwise authorized power supply has now expired."

    2. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      Anyone who doesn't think this is exactly the point is simply kidding themselves. It's the DMCA-based OEM peripheral lock-in everyone was warned about and subsequently blew off as conspiracy garbage two decades ago. Welcome to the future.

    3. Re:Authorized Devices Indeed by ArchieBunker · · Score: 1

      Don't worry. The protocol will be full of holes and buffers to exploit. Now your fancy charging cable can spread malware.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    4. Re:Authorized Devices Indeed by zlives · · Score: 1

      meh i don;t know if this would/could apply to cables, but definitely chargers. also i can see where a device could get a prompt saying if the charger had a valid cert (not date valid but manufacturer valid). i have bought "apple" chargers that look like apple except for a minor detail that only becomes apparent when the charger doesn't work.
      I am assuming you would have the choice to trust a cert from a non -apple- manufacturer or bypass the warning to check for certs like we do with browsers today.

    5. Re:Authorized Devices Indeed by jbmartin6 · · Score: 1

      Yeah, this is just a rehash of the attempts to prevent folks from using unwanted (from content provider's view) playing/recording devices.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    6. Re:Authorized Devices Indeed by WankerWeasel · · Score: 3, Interesting

      To be fair, Amazon was selling a ton of cables that didn't meet the spec and were putting devices in danger of being legitimately damaged. Still, it'd doubtful they'll be able to prevent such junk on the platform as they still allow all kinds of counterfeit product for sale on their site. https://www.theguardian.com/te...

    7. Re:Authorized Devices Indeed by Mia+Yuuki · · Score: 1

      I am assuming you would have the choice to trust a cert from a non -apple- manufacturer or bypass the warning to check for certs like we do with browsers today.

      This is where the tricky part comes in. If you really commit to this being a good idea for "security" and such, then you have to make the assumption that the average user is completely technology illiterate. As such, you then have to ask yourself, do I trust the user to have any idea what is going on if I prompt them that there is some certificate error? Will they research this and understand or just click accept because they just want it to work and this annoying certificate prompt is stopping them. In the end good security is not convenient unfortunately. I am sure this will be marketed as protecting people, but in the end it will just be one more way to get your to purchase a dual certified Dell / Samsung cable so you can hook your new Note 9 to a Dell Laptop and have both be accepting of it or other such silly profit motives.

    8. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      I think you may be assuming too much there.

    9. Re:Authorized Devices Indeed by paulpach · · Score: 1

      I can see it now. I am sorry, the certificate on your charging cables does not match the approved list on the phone and thus you need to order a new charging cable from the vendor. Oh, and if you persist in trying to use the non-approved cable from Amazon, we will be forced to void your warranty. Remember kids, only use Vendor OEM USB Devices. Everyone else is just a crook.

      This can absolutely be used that way. Not that different from DRM.

      On the other hand it can be used to prevent that rogue USB flash drive you found on the parking lot from installing a key logger in your computer.

      There is no evil in the technology itself, the evil is in the heart of men.

    10. Re:Authorized Devices Indeed by gmack · · Score: 2

      This won't do anything to solve that problem since it was always an OS issue. You can just as easily install a keylogger on an approved device.

    11. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      Trusted and certified malware. IoT makers love anti-jailbreak security, but security against remote attacks, they seem to take a "wink, wink, nudge, nudge" poster towards.

    12. Re:Authorized Devices Indeed by mysidia · · Score: 4, Insightful

      On the other hand it can be used to prevent that rogue USB flash drive you found on the parking lot from installing a key logger in your computer.

      Not at all. That Rogue USB flash drive will still be able to contain installable malware. Nothing about the authentication standard changes that.

    13. Re:Authorized Devices Indeed by sjames · · Score: 1

      I am assuming you would have the choice to trust a cert from a non -apple- manufacturer or bypass the warning to check for certs like we do with browsers today.

      You should, so you don't end up locked in. Which is exactly why I assume that ability will quietly disappear one fine day. Possibly after a "totally accidental" time delay to make sure everyone's installed the new shiny before the other shoe drops.

      https://slashdot.org/comments.pl?sid=19/01/02/2025207&cid=57894076&sbsrc=topcom#

    14. Re:Authorized Devices Indeed by sjames · · Score: 1

      Or the dreaded non-OEM ink and toner which will like totally make your printer explode and mutate your cat's DNA.

    15. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      Yet, fools keep buying into the "walled garden" because they are too stupid and lazy to take reasonable safety precautions. They are sitting ducks for vendors like Apple -- easier than shooting fish in a barrel.

    16. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      Game console manufacturers will certainly put this on either this or the next generation of consoles. Who wouldn't want to prevent the use of 3rd party controllers so you have to buy official.

    17. Re:Authorized Devices Indeed by sexconker · · Score: 4, Insightful

      Devices were putting themselves in danger by not having basic electrical protection on the ports. In 90s, this was such a common (and commonly solved) problem that the Tawainese motherboard manufacturers listed all sorts of per-USB-port short, over voltage, over current, etc. protections on the box.

      It became a problem again with USB 3 because the first players to the market with USB controllers didn't learn their lesson from the USB 1.0/1.1 days. There's absolutely no reason a bad USB cable should be able to kill an entire device. At worst, it should kill a single port. Ideally, it would have a replaceable/resettable fuse so you don't even lose the port.

    18. Re: Authorized Devices Indeed by Anonymous Coward · · Score: 0

      Hilariously, your best bet here is Nintendo. They like using non-standard connectors (see: Wiimote, "Classic" consoles).

      Now all you have to do is fab a suitable conne-

      WAIT A SE-

    19. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      meh i don;t know if this would/could apply to cables, but definitely chargers. also i can see where a device could get a prompt saying if the charger had a valid cert (not date valid but manufacturer valid). i have bought "apple" chargers that look like apple except for a minor detail that only becomes apparent when the charger doesn't work.
      I am assuming you would have the choice to trust a cert from a non -apple- manufacturer or bypass the warning to check for certs like we do with browsers today.

      Apple did a study a few years ago and found that something like 95% of "Genuine Apple Chargers" on Amazon were fakes.

      Apparently, it's still rampant today:

      https://www.theverge.com/2018/4/30/17301714/amazon-counterfeit-goods-crackdown

      So, after Apple has to good-will replace a bunch of iPhones, iPads and MacBook Pros with fried electronics from a bootleg charger, you can begin to see that perhaps this really isn't about lock-in.

    20. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      I can see it now. I am sorry, the certificate on your charging cables does not match the approved list on the phone and thus you need to order a new charging cable from the vendor. [...]

      You need to add: "We're sorry, that cable has been discontinued. Please order a new device."

    21. Re:Authorized Devices Indeed by gravewax · · Score: 1

      regardless of the damage to the device potential that is purely the USER's choice, not Apples or Samsungs or whoever wants to prevent 3rd party kit. At most they should WARN a user the device may damage the device. If they really wanted to prevent the damage they would not arse rape their consumers with 1000%+ markups on sub $1 cables and chargers.

    22. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      hdcp again?

    23. Re:Authorized Devices Indeed by TheRaven64 · · Score: 2

      There are two kinds of danger for USB devices. This is intended to protect against the first: that a cheap cable from SuperGoodHappyCablesCompany advertises that it's able to carry 40W but actually catches fire if you run more than 5W through it for an extended period. This can be addressed by adding some authentication to everything in the chain so that you can drop the power when things are not certified.

      The second problem is that the firmware in the USB controller is typically buggy, as is the USB stack in the host OS. The highest-profile example of this was the Nintendo Switch, where they backed part of the USB stack for firmware updates into ROM and then discovered that it had an exploitable buffer overflow, but a number of attacks have been found on other USB controllers. A malicious device can exploit flaws in this firmware and often install persistent malware: the USB firmware is often running in SMM, so if you find an exploit in it then your malware is more privileged than the hypervisor (and can install EFI-based rootkits for persistence).

      Adding more complexity to the USB firmware makes the second type of attack a lot more likely. Given how many people plug their devices into random USB sockets for charging, I expect that we'll see a lot more of this kind of attack in the wild (if I were the NSA, for example, I'd be installing USB chargers in the first class lounges at Dulles and taking copies of everything that foreign diplomats had on their phones / tablets).

      --
      I am TheRaven on Soylent News
    24. Re:Authorized Devices Indeed by TheRaven64 · · Score: 1

      The user won't be prompted with a certificate error, the device will just fall back to charging at the lowest power mode.

      --
      I am TheRaven on Soylent News
    25. Re: Authorized Devices Indeed by Anonymous Coward · · Score: 0

      That was so true until Switch, which has USB-C ports. And controllers do not even use the tri-wing screws anymore. Yet they still manage to sell the controllers at 75Eur despite a big number of cheap alternatives available.

    26. Re:Authorized Devices Indeed by AmiMoJo · · Score: 1

      This happened with a literal Internet of Shit device in Japan recently.

      A company made an IoT button you can press when you baby takes a dump. The logs the defecation event to the cloud so that you can keep track of your offspring's bowel movements. I'm assume there was a "post to Facebook" option as well, literally shitting all over your friend's timelines.

      Unfortunately a hard coded certificate expired a few months after it went on sale and they had to do a recall. For their shitty shitting internet of shit logger.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    27. Re:Authorized Devices Indeed by AmiMoJo · · Score: 2

      Yeah, those old USB protection circuits won't survive 20v/5A on the data lines. And even if they did, the cable catching fire would burn your house down anyway.

      In fact there exist malicious devices that destroy USB ports precisely by applying very high voltages to the data lines of USB ports.

      Also, it's even harder to protect USB 3.0 ports because they operate at higher speeds over many more lines. On USB 1.1 you had four wires to worry about, and a maximum frequency of 12MHz. On USB 3.0 with a USB-C connector you are looking at 24 lines and gigahertz speeds that require very careful board layout, far from ideal for adding protecting from 20V to. A simple diode is gonna screw up your signal at those speeds.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    28. Re:Authorized Devices Indeed by thegarbz · · Score: 1

      To be fair, Amazon was selling a ton of cables that didn't meet the spec and were putting devices in danger of being legitimately damaged.

      The solution to this is not "software authentication". It's proper hardware design.

    29. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      Strange things happen when you place both a printer, with a non-OEM ink cartridge, and a cat in a box.

    30. Re:Authorized Devices Indeed by paulpach · · Score: 1

      Not at all. That Rogue USB flash drive will still be able to contain installable malware. Nothing about the authentication standard changes that.

      The problem is not having installable malware. The problem is a rogue usb device that pretends to be a usb drive, but also behaves as a usb keyboard, and as soon as it is inserted, it presses Win+R and run whatever it wants without user intervention.

      If the devices are required to be digitally signed, the os can refuse keyboards or other devices from running stuff without user permission. If the USB drive has a file with malware and you run it, well, that is your own damn fault.

    31. Re:Authorized Devices Indeed by sexconker · · Score: 1

      It's all doable, but the USB IF chose to not care, yet again.
      Modern USB (3/3.1/3.2 Gen 1/2/.../C/PD/etc.) is a fucking joke.

    32. Re:Authorized Devices Indeed by sexconker · · Score: 1

      Devices were putting themselves in danger by not having basic electrical protection on the ports. In 90s, this was such a common (and commonly solved) problem that the Tawainese motherboard manufacturers listed all sorts of per-USB-port short, over voltage, over current, etc. protections on the box.

      It became a problem again with USB 3 because the first players to the market with USB controllers didn't learn their lesson from the USB 1.0/1.1 days. There's absolutely no reason a bad USB cable should be able to kill an entire device. At worst, it should kill a single port. Ideally, it would have a replaceable/resettable fuse so you don't even lose the port.

      Pretty words; but here in the real-world, things are not always so neat and tidy...

      Still not so much fun for us laptop owners. And too many micro-fuses on Ports are neither easily replaceable nor resettable.

      There are electronic fuse designs you can reset with a switch. There are physical fuse designs that reset when they cool down.
      This is ancient fucking technology in the electronics world.

    33. Re:Authorized Devices Indeed by Woeful+Countenance · · Score: 1

      It can be about more than one thing, and one of those things might or might not be intended.

    34. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      Cool... This can even allow for a 'charger as a service' business... Pay for every watt-hour charged..

    35. Re:Authorized Devices Indeed by torkus · · Score: 1

      A cert isn't going to stop a malicious or miswired cable/charger that dumps 20v on the data line from doing damage. Authorized or not, you have to handshake and that opens you up to a High voltage attack.

      But that's not even vaguely what the intent is here. It's to prevent no-name manufacturers making and selling a cable/charger that's out of spec and devices getting damaged using it. In theory if it doesn't handshake with it's certs, it will default to whatever safe level (or no access) is default.

      Mind you, they tried this with DVDs and BR encryption and we know how much of a failure/nightmare that proved to be. Now let's worry about the firmware of our cables and chargers being out of date/spec/etc.

      Oh, and someone will get rich 'certifying' devices of course.

      --
      You can get rich if you own a politician, but you have to be rich to buy one in the first place.
    36. Re:Authorized Devices Indeed by torkus · · Score: 1

      Well yes, of course.

      But that costs money as does the implementation.

      When you're selling cheap cables that are even more cheaply made...you often don't spend that money.

      --
      You can get rich if you own a politician, but you have to be rich to buy one in the first place.
    37. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/

      Well... A plain USB drive can be infected with malware in it's firmware... No need to open any file from it.. This is why you should never pick up and use and USB drive you find on the street.

      You can do the same with any type of USB device (keyboards, mice, usb-disks, cameras etc) that has a flashable firmware, and most devices do nowadays.

      Problem with only being able to use devices with whitelisted certificates is that you suddenly are forced to only buy stuff that the manufacturer of you machine has allowed you to use.. And the problem comes with that if one device in this chain is compromised and has it's private cert leaked you still have the same issue. You could theoretically block companies from selling devices with your certificate, but you cannot really block someone from abusing a leaked certificate when trying to install malware.

      Security for this could be quite simple... Let each device have a completely random id (128-bit uuid or similar) and when plugging in a new device it would ask the user to whitelist that specific device should be allowed to be a keyboard/USB-disk/etc/load custom usb-driver... Even if someone would make a USB drive with the same uuid on all of them that would not really be a big issue. You could even do it so it's the host-machine that writes the uuid when the device is initialized for the first time, before asking the user to whitelist it.

      Ie, these certificates has nothing to do with security for the user.

    38. Re:Authorized Devices Indeed by Anonymous Coward · · Score: 0

      If the devices are required to be digitally signed, the os can refuse keyboards or other devices from running stuff without user permission.

      .......

      *Facedesk*

      Or you know.... you could just set the machine to not enable the new device period without permission. Regardless of "signatures".....*groan* Like you know.... by setting the Group Policy that disables new hardware installations without administrator authorization?

      Linux has it's polkit and udev rules you can change....

      Long story short this is yet another case of a solution looking for a problem. Digital Signatures are not a panacea for hacks. They represent identities that can be trusted or not trusted by another. Just because a signature is on it doesn't mean it's safe, nor does it mean the "safe" device can't be compromised after the trust check.

      The real solution is safer defaults. I.e. don't just randomly install every thing that shows up and autorun it. But that solution requires people to actually care about what they are doing, and in the age of "Got mine, fuck yours" asking people to care about their own safety is apparently too much to ask of them.


      1. Plug in thumb drive.

      2. Authorization window pops up asking if you connected a thumb drive. Click yes.

      3. Authorization window pops up asking if you also connected a keyboard. Should click no, but people don't read the window nor see the giant keyboard icon and click yes anyway wanting the window to go away.

      4. Hacker wins.

    39. Re:Authorized Devices Indeed by thegarbz · · Score: 1

      It's not up to the cable to be expensive. It's up to the device at either end to limit itself to a safe level. We've repeated the mistakes from early USB 1.0 devices. And no protecting does not cost money for implementation, at least not significantly due to the incredibly low cost of protection devices and the fact that they are often baked into the silicon itself.

      If you have a standard that auto-negotiates how to provide power, then that standard should also ensure that no possible misconnection scenario can damage the port and that includes whatever shitty Chinese cable you plug into it.

    40. Re:Authorized Devices Indeed by mysidia · · Score: 1

      problem is a rogue usb device that pretends to be a usb drive, but also behaves as a usb keyboard, and as soon as it is inserted, it presses Win+R and run whatever it wants without user intervention.

      Uhm... in this case, WHO gets to decide what hardware is legitimate?
      There are perfectly USB devices that act as HID devices "pretend to be keyboard" for perfectly legitimate reasons -- things like
      remote KVM over IP devices with Virtual Media, Auto-Typers, Mouse Wiggler, Two-Factor Auth tokens such as Yubikey, Hardware Password Managers.

      Many keyboards also contain a convenience/easy-access USB port you can use to plug in a Thumb drive (or a mouse) ---
      there's no way to tell the difference between a single device pretending to be two USB components, and a USB device with another device plugged into it, or shared using a passive USB hub.

      If someone makes a malicious device: what exactly is going to stop them from doing the next step and getting a valid certificate
      on their malicious device?

      If the process is too involved, they'll hinder a lot of USB hardware including open source projects --- with prohibitive costs.
      It kind of defeats what makes USB such a popular interface --- is that it's simple, universal, and generic, no licensing etc; the barrier to entry is extremely low.

      What about computers needing to emulate USB devices AND USB hosts that need to simulate another vendor's USB device for compatibility reasons?

      They're basically pulling the rug out of the USB standard and make it so ``malicious device makers'' may just opt to purchase a legit piece of device and dissect/decap the chips on the legitimate device in order to capture/"steal" a copy of the crypto material, then re-use the legit device's certificate on their malicious device. That's what probably will wind up happening eventually when laptop and phone manufacturers start abusing the Auth protocol to arbitrarily ban/block interoperability with 3rd party USB chargers ----- some devices may now start adding USB ports that only work with "Manufacturer $X thumb drives",
        great.....

  3. We have been implementing this by Anonymous Coward · · Score: 0

    We have been implementing exactly this where I work last year!. Since I work in government I.T. in Palo Alto, I start work at 7:00AM.
    --
    Rocketman - Star Trek 2: The Wrath of Khan - William Shatner Trailer

  4. Still haven't seen one by DarkRookie2 · · Score: 0

    I am waiting to see a USB charger.
    I have seen a lot of adapters mislabeled as that, but never a true charger.

    --
    http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
  5. We're all screwed by Anonymous Coward · · Score: 0

    Hardware lock-down has begun.

    1. Re:We're all screwed by omnichad · · Score: 2

      I'd say locked bootloaders on laptops and routers and HDCP over HDMI all predate this by a wide degree.

    2. Re:We're all screwed by scdeimos · · Score: 1

      Hardware's been getting locked down for over a decade. What did you think UEFI and TPM were?

  6. Oh it's worse than that. by Anonymous Coward · · Score: 3, Interesting

    This just helps ensure that only authorized compromised cables can be used with your USB 3 device. It does NOTHING to ACTUALLY stop malicious cables being used to disable or destroy your device, since they can just take components from an authenticated cable to pass the handshake then use their own microcontroller or circuit to fry your hardware when it attempts to charge or connect over the cable.

    1. Re:Oh it's worse than that. by AmiMoJo · · Score: 1

      To be fair I think the main goal is to stop poorly manufactured cables from damaging equipment, not to defend against malicious ones. The uncertified ones can just work with data and 5V charging, but certified ones are supposed to be safe for use at 100W.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Oh it's worse than that. by Anonymous Coward · · Score: 0

      Oh - I long for the days of childhood innocence also.....

    3. Re:Oh it's worse than that. by Anonymous Coward · · Score: 0

      That's what they are saying at least... But history tells us that it will be abused to lock people with only their approved chargers/cables..

      For this to not be abused It must be possible to disable this completely or older devices that are out of warranty will most likely not receive updated certificates for new chargers making those machines obsolete because there are no compatible chargers to buy.. Just look at Apple and what they consider to be too old.

      "My $50 charger broke so i will have to buy a new $2000 machine"

      There is a so much easier way to protect against faulty cables than this, and that will even cover a "good" cable that is damaged.... A simple resistance measurement of the cable can be used to tell if the cable is up to par for the wanted power-transfer, and that could be integrated into the machine/charger without any certificates or data-communication between the charger and machine...

      Say we have 4 wires in the cable. (2 for power and two for signalling)
      Handshake:
      1. Charger and machine sees that cable 1 and 2 are low and checks that there is no short-circuit between cable 3,4.
      2. Charger puts cable 1 high and shorts cable 3,4
      3. Machine detects that cable 1 is high and does a resistance check over cable 3 and 4.
      4. Machine puts cable 2 high and shorts cable 3,4
      5. Charger detects that cable 2 is high and does a resistance check over cable 3 and 4.
      Step 4,5 is optional.

      This can also be used by the charger to tell the machine the max amp's the machine is allowed to draw for it to allow for automatic fast-charging. All without any data-communication and includes detection of damaged or incorrectly labeled cables.

      If you want to add another safety-feature you can require the charger to put cable 1 and 2 via a thermistor, after the handshake is done, so the machine can detect temperature-increases in the charger.. To protect against cheap chargers just putting a resistor there you could also have the machine detect that there is a resistance-change the more power the machine draws.

  7. security carefully chosen to be already by Anonymous Coward · · Score: 0

    circumvent-able by the government and law enforcement because terrorists and child naturally.

  8. Apple.... by Anonymous Coward · · Score: 0

    .... must be the architect of this, and they must be giddy with excitement. In the past, they had to use special-purpose connectors to keep folks in their walled garden. Now they can use cheaper, commodity connectors and still enforce compliance.

    Must be good for their bottom line...

  9. This protects additional revenue streams by misnohmer · · Score: 1

    From the summary:
    "This protects against potential damage from non-compliant USB chargers and the risks from maliciously embedded hardware or software in devices attempting to exploit a USB connection."

    I think the summary omitted:
    More importantly, this protects against loss of revenue to 3rd party vendors who make USB chargers.

    If it was only about compatibility and non-compliant chargers, USB-IF certification should suffice. As for malicious attacks, no certificate is going to protect the port against a brute force "fry the port" chargers.

    1. Re:This protects additional revenue streams by mysidia · · Score: 3, Insightful

      As for malicious attacks, no certificate is going to protect the port against a brute force "fry the port" chargers.

      Malicious actors are likely going to find a way of cloning the certificate off a legitimate USB Host and simply re-using that identity.

    2. Re:This protects additional revenue streams by Anonymous Coward · · Score: 0

      As for malicious attacks, no certificate is going to protect the port against a brute force "fry the port" chargers.

      Malicious actors are likely going to find a way of cloning the certificate off a legitimate USB Host and simply re-using that identity.

      Or stealing the private cert from the manufacturer a la Stuxnet.

  10. This is all Apple was waiting for... by FrankSchwab · · Score: 4, Interesting

    ...to transition from Lightning to USB-C. They had to have a way to maintain their revenue from selling $20 cables, and licensing the ability to sell authorized cables. I don't know how many lightning cables I've thrown away because they worked for three months, then Apple updated IOS and blocked them.

    Now I'll have to buy Apple USB-C cable, and HP USB-C cables, and Lenovo USB-C cables, and Nikon USB cables, and Microsoft USB cables. And, with OEMs promiscuously relabeling each others products, I'll never know which cable to use with which devices.

    They've re-invented the RS-232 connection nightmares, but without the ability to carry a bag of dongles that might straighten things out. And so dies USB as the most successful cabling and protocol standard in technology history.

    --
    And the worms ate into his brain.
    1. Re:This is all Apple was waiting for... by Anonymous Coward · · Score: 0

      ... or you could wise-up and stop playing Apple's stupid game. Dump them for an Android.

    2. Re:This is all Apple was waiting for... by DontBeAMoran · · Score: 4, Interesting

      Do you really think Apple will be the only one to abuse this DRM-inside-the-cable bullshit?

      --
      #DeleteFacebook
    3. Re:This is all Apple was waiting for... by Solandri · · Score: 2

      The companies will do whatever the people allow them to get away with. If the people willingly buy products which require proprietary cables, they will design their devices to only work with (expensive) proprietary cables. If the people take a stand and refuse to buy any device with proprietary cables, manufacturers will use unlocked USB-C cables.

      So ultimately, it still boils down to boycotting companies like Apple until they start behaving and making consumer-friendly products. You're assuming the mere presence of some Android devices which use proprietary cables makes it equal to Apple. It does not. All Android devices would need to use proprietary cables (thus preventing you from buying a non-proprietary option) before it became like Apple. In fact the presence of some Android devices using proprietary cables is necessary, so manufacturers can clearly see the people (hopefully) choosing non-proprietary devices, thus telling them that non-proprietary is the way to go.

    4. Re:This is all Apple was waiting for... by Anonymous Coward · · Score: 0

      Please remember to buy this season's USB C cables, folks.

      Otherwise your devices won't work.

      More importantly, the company profits might be hurt.

      And hurting our capitalist companies supports Communism, citizen.

    5. Re:This is all Apple was waiting for... by Anonymous Coward · · Score: 0

      So ultimately, it still boils down to boycotting companies like Apple until they start behaving and making consumer-friendly products.

      Boy, I don't know of any person or company that was forced to purchase personal Apple gear. Not a one.

      Is it so impossible for your tiny brain to fathom the possibility that Apple owners are, by and large, highly brand-loyal because they feel that Apple is already "behaving" and "making consumer-friendly products"?

      I genuinely feel sorry for you; that you are so wound-up in your little private paranoid fantasies, that you can't see that your world-view and preferences are not, nor should they be, shared by everyone.

    6. Re:This is all Apple was waiting for... by Anonymous Coward · · Score: 0

      They'll be the first. What happens to them will determine if others follow their lead.

    7. Re:This is all Apple was waiting for... by Anonymous Coward · · Score: 1

      This year's iPad Pros already switched to USB-C.

    8. Re:This is all Apple was waiting for... by Anonymous Coward · · Score: 0

      They've re-invented the RS-232 connection nightmares, but without the ability to carry a bag of dongles that might straighten things out.

      What RS-232 connection nightmares? RS-232 works. It is the configuration in the software (choosing the correct COM port, baud rate, flow control type, bit, etc.). This was also an era in computing when you had to make sure you didn't have conflicting IRQ lines and DMA channels on your peripherals (ie: not plug-and-play).

      Yeah, you had DB-9 and DB-25, gender benders, and null modems. But keeping a supply of RJ-45 to RS-232 modular adapters handy made that a non-issue. I have a drawer full of the various types of USB cables--far more than any combination of RS-232 specs.

      RS-422 extenders OTOH could be a bit persnickety, especially when you don't know the quality or condition of the cable made available.

      RRK

    9. Re:This is all Apple was waiting for... by Anubis+IV · · Score: 1

      They had to have a way to maintain their revenue from selling $20 cables, and licensing the ability to sell authorized cables. I don't know how many lightning cables I've thrown away because they worked for three months, then Apple updated IOS and blocked them.

      I'm going to disagree with you before agreeing with you.

      For my part, I've been buying extra Lightning cables for years—not a single one of which was from Apple—and have never run into anything like what you're describing. I purchased extras from AmazonBasics (in 2013), Fordigi (2014), iXCC (2014), Kinps (2015), and Anker (2018), as well at least one other brand whose name I can't even remember in 2018, and I've never had a single one fail to work with a new device/accessory, with other people's devices/accessories, after a software update, etc..

      Moreover, you're making it sound like customers have no choice: get gouged by Apple's brand-name markup or get gouged by Apple's licensing fee markup. In truth, that's a false dichotomy that couldn't be further from reality. Those AmazonBasics cables I mentioned earlier? They were a 3-pack of 6' cables for $16, fully licensed under Apple's MFi program. And that was back in 2013. These days, you can pick up a fancy, nylon-braided, MFi-certified 5-pack of varying lengths for only $13. Hell, just look at the list I provided in the last paragraph and it should be obvious I'm price conscious since I'm hardly sticking to brand names, yet every single one of them was licensed under Apple's MFi program, which means I've had none of the problems you're describing.

      All of which is to say, it sounds like you've been going out of your way to purchase the cheapest Lightning cables you can find from companies of no repute. It's been my experience that when you work that hard to scrape the bottom of the barrel, you tend to get what you paid for.

      Now I'll have to buy Apple USB-C cable, and HP USB-C cables, and Lenovo USB-C cables, and Nikon USB cables, and Microsoft USB cables. And, with OEMs promiscuously relabeling each others products, I'll never know which cable to use with which devices.

      That said, just because I think that things are rosier in Lightning-land than you're making them out to be does NOT mean that I disagree with anything you've said about USB-C. Quite the contrary, I share your concerns about USB-C going this route.

      Lightning certification works fine because there's only one fiefdom to which everyone using Lightning belongs. You're either in, or you're out. If the cable is certified, it will work. Simple. USB-C, however, is an interoperable standard with many players in the game. Enabling them to lock each other out means taking a "universal" connection and splitting it into a multitude of incompatible connections. As you said, it's just a matter of time before we see "certified" USB-C cables that don't working with USB-C ports because they weren't certified for that port. That's a world I do not want to see.

      (Aside: It's also worth pointing out that Apple hasn't been waiting on this to transition from Lightning to USB-C. The 2018 iPad Pro already had a USB-C port instead of a Lightning port, and the MacBook lines began switching to USB-C charging years ago. As such, any Apple fans thinking they're shielded from these issues are living in a bubble that's about to pop. Likewise, any Apple fans who think that Lightning works fine so USB-C will too need to realize that the two are very different.)

  11. Opposite attraction by Anonymous Coward · · Score: 1

    This is completely the opposite to what I like about USB C. USB - universal. My whole family has been eying up USB C and making purchase decisions based on that because the reality is batteries are so crap and can't be removed that everytime you visit someone else's house you need a charger. Now sure you can carry one in your pocket but that's not exactly always an option.

    My mum has a MacBook air with a USB C cable and I plugy old nexus 6p into it happily. My girlfriend has a Samsung galaxy note 9 and we happily swap cables through out the house. When we go on holiday, if one of us forgets our cable we can happily use the others.

    My brother, my cousin's, my uncles and aunties, everyone has at least one USB C device and it's hit crucial mass where everyone prefers this type of cable.

    When I went to Tahiti on holiday, I was in the smaller outter Islands when my USB C cable broke leaving me with out my phone at critical points. Nowhere could I find a USB C cable until I found some generic Adapter that was ridiculously over priced in some guys electronic repair shack.

    The point being the very attraction of cables is being able to use anyone I want. It's one of the reasons I refused to buy iPhones because everything spat out "this is not an official cable now your phone won't charge". I'm still burdened by having to use an iPhone at work and I hate it.

    Fix the security holes but don't become arseholes and ruin one of the most important conveniences to actually owning a device... Being able to use it when I want and having it work.

    There is a recession coming and it will be the generic, work together products that survive.

    1. Re:Opposite attraction by Anonymous Coward · · Score: 0

      I wonder about the specifics, like will a generic USB 2.0 cable still work? (USB 2.0 USB-C. I don't know of a clean way to say it). Let's say the phone is all pissy about your cable and so it refuses to do anything but charge and does so at 500mA or 1A, maybe more !?, stuck at 5 volts.

      More likely, in most cases the phone will forgo that whole security feature due to cost involved to the manufacturer including the need to ship a certified charger for it.
      Apple will surely love this for dongles that allow the "privilege" of reading an SD card or a video out. I saw a pic of a Lightning to video out dongle where there's a bit-twiddling CPU in there already and it did some weird things (take a digital signal up to 1600x900 from the phone, upscale to 1920x1080 for HDMI output). That's a somewhat powerful dongle I guess though then people bitch about this.

      There is a recession coming and it will be the generic, work together products that survive.

      Even expensive phones like "cheap flagship" range have USB 2.0 on USB-C cable instead of supporting 5 gbps USB 3.1. I also think of consumer desktop motherboards though that's a different market with more freedom and support : these come with an empty socket for the Trusted Platform Module. Thus cutting good part of an expense and liability out.

  12. CAN BUS for computers! by dhickman · · Score: 1

    Anyone who has had the joy of having to authenticate their part via CAN BUS on a Ford ( in my case) knows exactly what I am talking about.

    1. Re:CAN BUS for computers! by Anonymous Coward · · Score: 0

      More like CANT BUS

    2. Re:CAN BUS for computers! by fisted · · Score: 1

      At least Ford terminates all CAN busses right on the DLC instead of having a stupid ass gateway in front of it.

      --
      CLI paste? paste.pr0.tips!
  13. I take issue with the initial sentence. by Anonymous Coward · · Score: 0

    Where they say that with "USB-C that connecting things is easier than before". The reality is that it forced me to go out and buy converter dongles since everything else in the house is some other USB connector.

    I went with wireless charging pads however - that was the way that I simplified things for charging phones.

  14. Why the cable? by LynnwoodRooster · · Score: 1

    The two endpoints should authenticate against each other. A cable? OK, so it says it's "legit" and "authorized" but there is zero information about the condition of the cable. Maybe it's heavily frayed, or about to fall onto a hot soldering iron. No help at all. Other than restricting who's cable you can buy, of course...

    --
    Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    1. Re:Why the cable? by Anonymous Coward · · Score: 0

      You're a moron, not an engineer.

    2. Re:Why the cable? by aaarrrgggh · · Score: 2

      Conductor ampacity, resistance, and maximum voltage would be simple starting points.

      I do agree that this has far more potential for vendor abuse that consumer protection. I bought my first portable USB-C device over the weekend (an iPad) and am really pissed off about the limitations imposed by the solution even today. My must-have travel charger kit went from a 6-port multi-output charger with dongles for micro-USB, Lightning, Apple Watch now needs a new cable, and potentially a new multi-output charger. I had finally gotten my charging crap down to a manageable mess, and now this.

      It is rapidly approaching the point where I want to just abandon consumer electronics altogether. Went without my watch for a week because I forgot the charging cable... and was completely unwilling to purchase yet another one. It wasn't the end of the world.

    3. Re:Why the cable? by willy_me · · Score: 3, Insightful

      The USB Type-C standard already mandates an active cable if you want to utilize the full 5A that the standard can supply. It might not have information on the condition of the cable - but nothing can prevent users from being stupid. It is just another level of security which, with all the other protections, helps prevent damage when power traverses USB.

      It is easy to add an IC to a USB connector - they are basically designed for it. See this part to see how it is typically done. So adding the ability to verify the cable does make sense for workplaces that require the security. It is just too easy to, for example, add a keylogger to a cable.

      No computer manufacturers would ever get away with requiring authenticated cables. Apple might try but the public outcry would be immense. That being said - having it as a bios setting is exactly what a certain subset of users require.

    4. Re:Why the cable? by dgatwood · · Score: 2

      Conductor ampacity, resistance, and maximum voltage would be simple starting points.

      Do not want. Putting additional intelligence in cables just increases the odds of the cable failing because some unnecessary chip decides to stop working. And a couple of those don't even make sense:

      • The maximum voltage for a USB cable is limited only by the distance between pins (arcing), which is defined by the shape and size of the connector itself, making that number entirely moot, barring something really bonkers.
      • The resistance should be approximately zero (at least too small to easily measure). Otherwise, there's something very wrong with the cable.

      What you really care about is how much current the cable can carry before the voltage starts to sag, which depends mainly on the conductor size. There's a very easy way to find that out without the cable needing to be smart: ramp up the current until the voltage sags beyond reasonable tolerances, then back off the current. This small amount of extra intelligence on the device end, purchased once, eliminates the need for extra intelligence on cables, which you buy dozens of.

      Furthermore, the cable's notion of how much current it can carry is, in practice, completely useless. When a cable starts to fail, it usually fails slowly, with individual wire strands breaking. This can create a hot spot in the cable or connector that, when driven at full amperage, could potentially cause a fire. The cable has no way of determining whether such damage has occurred. But with proper voltage drop detection at the endpoints, properly designed hardware actually *can* detect that type of failure and reduce the amperage to a safe level.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    5. Re:Why the cable? by LynnwoodRooster · · Score: 1

      Fray that cable, and the current capacity just dropped. But it was safe - because I plugged it in and it said "safe"! Use 24 AWG, and you're good for about 4A of current... How much more do you need than that?

      For my charging purposes, I use my laptop (Lenovo P71) that has a USB 3.0 port that are always "live" - regardless of the laptop being plugged in or turned on. I carry a three-adapter cable in my backpack to keep not just my Note 8 and Bluetooth devices charged (USB C and micro B USB), but have bailed out friends as well (Lightning). One cable and I'm good to go at any time...

      --
      Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    6. Re:Why the cable? by LynnwoodRooster · · Score: 2

      Apple includes an MFI chip in authorized cables and their consumers took it willingly. I hope Android fans will stand fast against what Apple does...

      --
      Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    7. Re: Why the cable? by Anonymous Coward · · Score: 0

      Not coincidentally, Lightning mostly just works and USB C is a shitshow.

    8. Re: Why the cable? by LynnwoodRooster · · Score: 1

      I've never had a USB C cable that didn't work with my phone or Bluetooth devices. On the other hand, I've seen plenty of people buy "discount" Lightning cables and find they don't work.

      --
      Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    9. Re: Why the cable? by Anonymous Coward · · Score: 0

      There is no Benson Leung of Lightning

    10. Re:Why the cable? by willy_me · · Score: 1

      Including an IC to verify the current capacity of the cable is not a bad idea. It is the price one has to pay for having a "one size fits all" solution. A quick check of Monoprice shows a short USB Type-C cable going for $5 while the certified Lightning cable goes for $6. I would not call that much of a price premium.

    11. Re:Why the cable? by Anonymous Coward · · Score: 0

      The two endpoints should authenticate against each other. A cable? OK, so it says it's "legit" and "authorized" but there is zero information about the condition of the cable. Maybe it's heavily frayed, or about to fall onto a hot soldering iron. No help at all. Other than restricting who's cable you can buy, of course...

      You can spout all those reasons; but when OEMs like Apple (and I'm sure others) have to deal with the aftermath under warranty (or suffer the death of a thousand "denied" internet trolls) from apparently indistinguishable-looking bootleg chargers, there really is an argument to be made.

      Can it be abused? Yes; but there is nothing to be done about it now, if that's really the agenda, everyone will jump on the bandwagon, and then what?

      But it really can't, or else the "they" will quickly be removing the "Universal" from Universal Serial Bus.

      Personally, I don't see this being actively enforced except for Chargers. Those are generally the only really "dangerous" device (dangerous to the computer) that is in common use by nearly everyone with a portable/mobile device..

    12. Re:Why the cable? by Anonymous Coward · · Score: 0

      Conductor ampacity, resistance, and maximum voltage would be simple starting points.

      I do agree that this has far more potential for vendor abuse that consumer protection. I bought my first portable USB-C device over the weekend (an iPad) and am really pissed off about the limitations imposed by the solution even today. My must-have travel charger kit went from a 6-port multi-output charger with dongles for micro-USB, Lightning, Apple Watch now needs a new cable, and potentially a new multi-output charger. I had finally gotten my charging crap down to a manageable mess, and now this.

      It is rapidly approaching the point where I want to just abandon consumer electronics altogether. Went without my watch for a week because I forgot the charging cable... and was completely unwilling to purchase yet another one. It wasn't the end of the world.

      Wait! Lemme get this straight:

      Apple changes the iPad from a Proprietary Charging/Data Port (Lightning) to a UNIVERSAL Charging/Data Port, and you have the temerity to be "PISSED"?

      This is why we can't have nice things...

    13. Re:Why the cable? by AmiMoJo · · Score: 1

      The resistance should be approximately zero

      That's where real life gets in the way. You have three parameters: very low resistance, small/flexible cable, and low cost. Pick any two.

      This issue will keep getting worse as time goes by and we demand faster and faster charging. Even now most phones play it safe by slowly ramping up current draw until the voltage starts to sag too much, figuring that is probably a safe point where the cable won't catch fire.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re: Why the cable? by Anonymous Coward · · Score: 0

      Seiko Kinetic watch. Doesn't need any cables. Keeps time very well, it only needed to be adjusted once in the past 8 years. Even if you let the capacitor run down completely (which takes 4-6 months), you just shake your wrist a few times and it gets enough juice to get going again. Put it on your wrist and it Just Works(tm). Now you know how not to be stuck without a functioning watch for a week.

    15. Re:Why the cable? by Anonymous Coward · · Score: 0

      But it does nothing for bad companies selling bad clones... Some decapping of the IC and dump the private key and there they have a valid key and they can start producing cables..

      If this was to ensure that the cables where capable for the wanted current they could just have a simple thing that would measure resistance over the cable during the handshake... It's as easy as putting out 5v at low amp's and measure the voltage-drop (and you probably have most of that hardware in your laptop already) on the return and all the charger would have to do is switch, for a minimal amount of time, from voltage-supply to short of the high-current cables during this handshake.

  15. "non-compliant" - fascist speak by Anonymous Coward · · Score: 0

    We should kill people who use those kinds of works. They are tyrants, by nature.

  16. apple changer $29.99 apple car cig changer $39.99 by Joe_Dragon · · Score: 1

    apple changer $29.99 apple car cig changer $39.99. euro plug for us phone $39.99

    all 3rd party locked out.

  17. Can you say "vendor lock-in"? by Anonymous Coward · · Score: 0

    As for end-user security... not so much.

    Akin to cigarettes: they sell me freedom and adventure, I get some cancer-inducing garbage.

    Criminals.

  18. USB Power Delivery by tepples · · Score: 2

    I'm not sure what you mean here. Do you mean that an adapter meeting the Battery Charging spec or its successor the Power Delivery spec is not a "USB charger"? Or do you just mean that the vast majority of power adapters on the market with a USB A or C receptacle materially fail to meet the spec?

    1. Re:USB Power Delivery by DarkRookie2 · · Score: 0

      Calling something like:
      https://www.amazon.com//dp/B07...
      a charger.
      Its a adapter. Rectifier technically.

      --
      http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
    2. Re:USB Power Delivery by Pascoea · · Score: 2

      For someone being as pedantic as you are, you could have at least used proper English. Improper use of a colon. Incomplete sentences. "Its" vs "It's", "a" vs. "an".

    3. Re:USB Power Delivery by Anonymous Coward · · Score: 1

      Unless this thing's putting out 155Vdc when plugged into a 110Vac (RMS) outlet, or 340Vdc when plugged into a 240Vac (RMS) outlet... me thinks you don't know what a rectifier is.

    4. Re:USB Power Delivery by DarkRookie2 · · Score: 1

      With words I am. I hate people who use literally when they mean figuratively.
      Not so much grammar. I don't get a blue line under bad use in my browser.

      --
      http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
  19. Doing it Wrong by Anonymous Coward · · Score: 0

    Any time mass storage or connectivity technology allows a thing you plug into your system to damage your system electrically or push data into your system without you being in control of it, somebody did it wrong. Maybe they were trying to make things convenient for the user, maybe they wanted to control the use of the technology, maybe they were just idiots. But it was WRONG. It was a moral and technical failure.

    We don't need cryptographically aware transfer methods. We just need open protocols and devices that do what the system tells them to do, and can't (by design) do anything else.

  20. Can we make cables that actually stay plugged in? by PhrostyMcByte · · Score: 1

    I've had two USB-C phones now and it's a crapshoot if a cable will actually stay in the phone. And if you have half a millimeter of lint stuck in socket you're screwed. It seems like tolerances within the spec between the plug and the socket are too loose.

  21. I wonder what they will do in the EU though. by Anonymous Coward · · Score: 2, Informative

    Since here, there are laws requiring device makers to allow using any microUSB charger.
    They specifically made a law to end this bullshit. Which is why Apple products include an adapter.
    I would be surprised of the same legislators aren't already drafting laws to stop this too as we speak.

    There are still a few non-fascists (aka non-neocons) in the EU dictatorship administration, it seems. Coprorations still haven't completely taken over.

    1. Re: I wonder what they will do in the EU though. by Anonymous Coward · · Score: 0

      Really? Hows the whole "degrade your video if there isn't a digital chain with a confirmed display" thing going for you guys?

    2. Re:I wonder what they will do in the EU though. by Anonymous Coward · · Score: 0

      It is not actually a law and the agreement expired.

    3. Re:I wonder what they will do in the EU though. by Anonymous Coward · · Score: 0

      It wasn't a law but is now. Keep up please.

    4. Re: I wonder what they will do in the EU though. by Anonymous Coward · · Score: 0

      That âoepleaseâ really made the difference

  22. You're a voter, not a human. by Anonymous Coward · · Score: 0

    Go back to your barn, livestock. There are decisions to be made as you are told.
    Here's a blue pill for you.

  23. Re: Can we make cables that actually stay plugged by Anonymous Coward · · Score: 1

    Or maybe clean your pockets out more often? Get a port cover? Stop rolling around in lint?

  24. Headphone jack need authentication too by Anonymous Coward · · Score: 0

    I can't wait until I need fingerprint and eyescan before plugging a cable.
    The future is so bright I'm blinded by it.

  25. Nail in the coffin for USBC in the maker community by Anonymous Coward · · Score: 0

    This will just be the nail in the coffin for USBC in the maker community. No way every microcontroller project will be able to get "signed" to work with it. The very thing this is meant to prevent, a "badusb" type device means the death of it for makers.

    Only big corps are going to be able to afford the verification and signatures required for this.

  26. Where the hell are you buying Lightning cables? by Anonymous Coward · · Score: 0

    I've bought some Lightning cables 3 for $10 (3', 6' & 10') off eBay three years ago and they are still working fine. At one point I thought they were flaking out, but it turns out my iPhone had lint in the Lightning port. A few minutes digging around with a safety pin, and removing an absolutely astounding amount of lint, and everything was good again.

  27. Re: Can we make cables that actually stay plugged by caseih · · Score: 1

    Oh wow. Are you serious? Also you realize that dust and dirt can get inside the male USB C connector itself and cause all sorts of mechanical problems.

    I love that everyone is standardizing on the same type of connectors, but let's not fool ourselves that these are the most robust connectors in the world. And this cable DRM scheme is certainly disappointing, if not surprising.

  28. "Royalty free" by Anonymous Coward · · Score: 0

    Yeah, so glad they made it royalty free to foster support, you can implement USB-C in your DIY project woohoo!

    WAIT A SE-

  29. Re: Can we make cables that actually stay plugged by Anonymous Coward · · Score: 1

    Oh wow. Are you serious? Also you realize that dust and dirt can get inside the male USB C connector itself and cause all sorts of mechanical problems.

    I love that everyone is standardizing on the same type of connectors, but let's not fool ourselves that these are the most robust connectors in the world. And this cable DRM scheme is certainly disappointing, if not surprising.

    Get yourself a magnetic USB charging cable. The magnet goes into your power port, and then you can use the magnetic cable to "snap" onto the device of your choice. Then get another because you have become to lazy to move it to the bed from your desk. So convenient.... ( 8(|) Mmmmm

  30. Re: Nail in the coffin for USBC in the maker commu by Anonymous Coward · · Score: 0

    I mean, I guess you could just implement it as a regular USB client.

    Oh, except that authenticated cables necessarily have ICs in them.

    Well, I guess micro USB and USB A are still going strong... ... for the moment.

  31. Re: Can we make cables that actually stay plugged by Anonymous Coward · · Score: 0

    I think you're buying poorly manufactured cables or devices, USB-C is the sturdiest connection of its type I've seen in years. Easily bests USB micro. Heck, I can dangle my phone on the end of the cord, if I ever needed to safely lower it down a 3 metre drop.

    A shame, then, that USB-IF have decided to lock it down to "authorized" vendors.

  32. "BIOS blacklist" for USB devices, yay by Anonymous Coward · · Score: 0

    This is begging to become just like the BIOS blacklist in many computers that prevents you from buying a new wireless mini-PCIe card and installing it to upgrade your laptop's wireless capability, except instead of being keyed off of device IDs it's keyed off of a security certificate.

  33. Technical details by chris-chittleborough · · Score: 1

    Here's a press release with some technical info. It says that the full details are in a "USB Power Delivery 3.0" (a new revision) and "USB Type-C Bridging" (a new specification).

  34. Just woke up by Anonymous Coward · · Score: 0

    It looks like the first thing I did this year was fall into a coma and wake up on April 1.

  35. Is this due to the poor quality of USB cables ? by AbRASiON · · Score: 1

    I thought, this might be the USB consortium, attempting to improve the atrocious reputation USB C has.

    It (to my knowledge) can still fry your phone, nintendo switch, or whatever you plug into it, if you use a cheaper cable.

    If you purchase one of those high end, new USB-C battery packs, then plug in a USB-C to USB-C cable into another pack? What happens?
    I don't know, but it's certainly, physically possible.

    I know Nintendo switches have been destroyed, I know Benson at Google lost a Chromecast due to a poor USB C cable.
    I don't know /just how smart/ USB C is, you'd expect plugging 2 charging devices into each other, they would go "huh?" and just stop doing anything, perhaps the proper spec cables do just that, but there's been too many fried USB C devices out there, hence the atrocious adoption.

    They should've gone with colour coding too, X colour = USB 3.1, Y colour = USB 2, Z colour= can do video also.
    Something like that, I don't know but as it stands, it's a horrifically confusing standard, the only thing going for it is a bit better power delivery and reversible cables.

    As for the topic at hand? Well, initially I assumed, heck this is going to be a good thing for the consumer, based on the headline. That does not appear to be the case, this does read exactly like some kind of "screw the consumer" proprietary cabling standard and frankly awful as heck.

  36. Not a new concept... by rickb928 · · Score: 1

    ..because this is rent-seeking of the highest order.

    Honestly, my cables do not need to be signed. I just need to exercise some discrimination and buy from reputable manufacturers.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
    1. Re:Not a new concept... by Anonymous Coward · · Score: 0

      Funnily enough, everything else in the house doesn't need digitally signed power cables.

      I wonder how on earth we've managed without vendors "protecting us" by ensuring we buy ONLY THEIR cables.

  37. Windows 10 sends the cable serial # in Telemetry by Anonymous Coward · · Score: 0

    Don't give them any more ideas, Windows 10 is already an impressively evil and consumer-hating advertising platform that the customer pays for.