New USB-C Standard Fixes Cable Woes

Tuesday, April 19, 2016 @ 04:04 PM gHale


There is a new standard called USB Type-C Authentication, which could protect USB-C capable devices from low-end USB chargers and potentially ward off USB malware.

The new standard is a direct answer to a series of incidents that took place over the past year, when users reported they had their devices destroyed by faulty USB-C cables, said officials at the USB Implementers Forum (USB-IF).

RELATED STORIES
USB Trojan Leaves No Trace
Cryptographic Standard Document Released
New Security Standard from NIST
Joint Process Needed for Security Framework

Normally USB cables shouldn’t be able to damage devices, but USB-C cables are different because they can relay data and power at the same time.

The improper implementation of the USB-C specification by some vendors has resulted in sub-standard cables hitting the market that send more power than the standard USB-C specification implies.

A Google researcher tested USB-C cables and posted Amazon reviews about his findings. After a series of catastrophic incidents, his actions reached Amazon’s ears, who at the end of March decided to ban all non-standard USB-C cables or adapters.

USB-IF division USB 3.0 Promoter Group created a new standard to protect device manufacturers from faulty USB-C cables. The new USB Type-C Authentication will integrate within the firmware of USB-C capable devices and USB chargers and will work as a pre-connection authentication system.

When the user makes a connection via USB-C cables, their device (tablet, smartphone, laptop) will establish a pre-connection with the other device (typically a charger, but can also be another laptop, smartphone, or tablet).

The two exchange information about their charging capabilities and the type of data to transfer, also verifying if the other device is from a USB-IF authorized manufacturer.

This information ends up sent encrypted with a 128-bit encryption key and occurs before any data or power is sent between the two.

The new standard can prevent sending power between devices that don’t adhere to the strict USB-C specification, but can also prove useful for companies that want to create their own custom-made authentication system for USB devices.

Enterprise workstations could end up configured to accept connections and data transfers from only a certain class of devices, putting an end to employees connecting rogue equipment to a company’s network.