Jump to content

USB-C to get improved security in fight against malware-laden USB sticks


Recommended Posts

Posted

New USB technology isn’t just about raw speed, but also security, and news has emerged of an incoming authentication system that will help protect host systems from the likes of dodgy USB Type-C devices or chargers trying to install malware or spark off malicious power surges.

The USB Implementers Forum (USB-IF), an organization dedicated to advancing USB technology, has laid out plans for a cryptographic-based 128-bit authentication system to help defend against non-compliant USB chargers, USB sticks laden with malware, and other assorted dangers.

The USB Type-C Authentication Program implements a standard protocol to be able to identify and authenticate certified USB-C chargers, devices and cables, and this security verification happens the moment the device or cable is plugged in.

In other words, before any power or data can be maliciously piped into the host system, therefore preventing any potential damage. Authentication can occur over either the USB data bus or USB power delivery channels.

Optional measure

The USB-IF notes that the security standard will be optional rather than compulsory – at least initially – and any products which use the authentication protocol will retain control over the way the security policies are implemented and enforced.

When the Authentication Program comes into existence, hardware manufacturers will be able to build this technology into, say, a PC, which will then be able to confirm that any USB device plugged into a port isn’t malicious by nature.

Furthermore, DigiCert has been named as the chosen company to oversee and manage the registration and certification side of the equation for the standard.

Jeff Ravencraft, President and COO of the USB-IF, commented: “USB Type-C adoption continues to grow and the interface is quickly establishing itself as the solution of choice for connecting and charging an endless variety of devices.

“USB-IF is eager to work with DigiCert to manage our certificate authority for USB Type-C Authentication, which will further support the USB ecosystem.”

Via Engadget

UjaldurwI4A

View the full article

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.