Security Experts:

Connect with us

Hi, what are you looking for?



New Protocol Authenticates USB Type-C Chargers, Devices

New USB Type-C Authentication specification launched

New USB Type-C Authentication specification launched

The USB Implementers Forum (USB-IF) on Wednesday announced the launch of the USB Type-C Authentication Program, which aims to protect host systems against non-compliant chargers and potentially malicious devices.

The USB Type-C Authentication specification, unveiled by the USB-IF and the USB 3.0 Promoter Group in 2016, provides the cryptographic mechanisms needed for authenticating various types of USB Type-C devices, including chargers, cables, storage drives and power sources.

This optional security protocol allows OEMs to confirm the authenticity of USB chargers, cables and devices. Using certificates, companies can protect their products against both non-compliant chargers that can deliver damaging power surges and USB devices that may carry a malicious payload.

The authentication process takes place immediately after a wired connection is made, before any power or data exchange.

The use case examples described by the USB-IF and USB 3.0 Promoter Group when they unveiled the new specification included travelers concerned about charging their phones at a public terminal and enterprises protecting corporate assets by ensuring that only verified USB storage devices can be connected to their PCs.

The USB Type-C Authentication protocol provides support for authenticating over either the USB Power Delivery or USB data bus channels, it offers 128-bit security, and gives products control over security policies.

DigiCert has been selected to operate registration and certificate authority services for the new specification. The company will work with the over 1,000 member companies of the USB-IF.

“USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,” said USB-IF President and COO Jeff Ravencraft. “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”

Related: Malware Found on USB Drives Shipped With Schneider Solar Products

Related: USB Drives Deliver Dangerous Malware to Industrial Facilities

Related: Symantec Unveils USB Scanning Station for ICS, IoT Environments

Related: Apple Rolls-Out USB Restricted Mode in iOS

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.