USB-C to get improved security in fight against malware-laden USB sticks

null

New USB technology isn’t just about raw speed, but also security, and news has emerged of an incoming authentication system that will help protect host systems from the likes of dodgy USB Type-C devices or chargers trying to install malware or spark off malicious power surges.

The USB Implementers Forum (USB-IF), an organization dedicated to advancing USB technology, has laid out plans for a cryptographic-based 128-bit authentication system to help defend against non-compliant USB chargers, USB sticks laden with malware, and other assorted dangers.

The USB Type-C Authentication Program implements a standard protocol to be able to identify and authenticate certified USB-C chargers, devices and cables, and this security verification happens the moment the device or cable is plugged in.

In other words, before any power or data can be maliciously piped into the host system, therefore preventing any potential damage. Authentication can occur over either the USB data bus or USB power delivery channels.

Optional measure

The USB-IF notes that the security standard will be optional rather than compulsory – at least initially – and any products which use the authentication protocol will retain control over the way the security policies are implemented and enforced.

When the Authentication Program comes into existence, hardware manufacturers will be able to build this technology into, say, a PC, which will then be able to confirm that any USB device plugged into a port isn’t malicious by nature.

Furthermore, DigiCert has been named as the chosen company to oversee and manage the registration and certification side of the equation for the standard.

Jeff Ravencraft, President and COO of the USB-IF, commented: “USB Type-C adoption continues to grow and the interface is quickly establishing itself as the solution of choice for connecting and charging an endless variety of devices.

“USB-IF is eager to work with DigiCert to manage our certificate authority for USB Type-C Authentication, which will further support the USB ecosystem.”

Via Engadget