Slashdot Mirror
USB Type-C Authentication Program Launched (newatlas.com)
With the arrival of USB-C a few years back, plugging into laptops, tablets and smartphones became even easier than before. But there are potential security risks. The USB Type-C Authentication Program launched today aims to address such issues. From a report: The new protocol from the USB Implementers Forum (USB-IF) can be used to validate the authenticity of a cable, charger or hardware at the moment of connection, and stop attacks in their tracks. The USB-IF has chosen DigiCert to operate registrations and certificate authority services for the new specification, which makes use of 128-bit cryptographic-based authentication for certificate format, digital signing, hash and random number generation.
"USB Type-C Authentication gives OEMs the opportunity to use certificates that enable host systems to confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors, capabilities and certification status," said DigiCert in a press release. "This protects against potential damage from non-compliant USB chargers and the risks from maliciously embedded hardware or software in devices attempting to exploit a USB connection."
"USB Type-C Authentication gives OEMs the opportunity to use certificates that enable host systems to confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors, capabilities and certification status," said DigiCert in a press release. "This protects against potential damage from non-compliant USB chargers and the risks from maliciously embedded hardware or software in devices attempting to exploit a USB connection."
This just helps ensure that only authorized compromised cables can be used with your USB 3 device. It does NOTHING to ACTUALLY stop malicious cables being used to disable or destroy your device, since they can just take components from an authenticated cable to pass the handshake then use their own microcontroller or circuit to fry your hardware when it attempts to charge or connect over the cable.
To be fair, Amazon was selling a ton of cables that didn't meet the spec and were putting devices in danger of being legitimately damaged. Still, it'd doubtful they'll be able to prevent such junk on the platform as they still allow all kinds of counterfeit product for sale on their site. https://www.theguardian.com/te...
...to transition from Lightning to USB-C. They had to have a way to maintain their revenue from selling $20 cables, and licensing the ability to sell authorized cables. I don't know how many lightning cables I've thrown away because they worked for three months, then Apple updated IOS and blocked them.
Now I'll have to buy Apple USB-C cable, and HP USB-C cables, and Lenovo USB-C cables, and Nikon USB cables, and Microsoft USB cables. And, with OEMs promiscuously relabeling each others products, I'll never know which cable to use with which devices.
They've re-invented the RS-232 connection nightmares, but without the ability to carry a bag of dongles that might straighten things out. And so dies USB as the most successful cabling and protocol standard in technology history.
And the worms ate into his brain.