New USB-C Technology for Better Protection Against Malware
USB type-C ports and connectors are slowly but surely picking-up popularity, as it replaces USB-A and Micro-USB due to the strong influence of mobile computing. The speed of USB type-C and the reversible connection feature are both engineering marvel and greatly increase convenience for users. It does not stop there as USB-IF (USB Implementers Forum) has revealed their plans to implement the USB Type-C Authentication Program. This is an extra addendum to the protocol, which USB device manufacturers can implement that can lessen the vulnerability of using USB connectors and ports.
The USB spec has for decades became a favorite attack surface for malware to infect a computer. By implementing the newly revealed ‘optional’ security-specific spec for USB Type-C, a layer of protection that will stop some types of malware from using the USB device, cable and charger that complies with the Type-C addendum spec.
“USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements. The USB Type-C adoption continues to grow and the interface is quickly establishing itself as the solution of choice for connecting and charging an endless variety of devices. USB-IF is eager to work with DigiCert to manage our certificate authority for USB Type-C Authentication, which will further support the USB ecosystem. ” said Jeff Ravencraft, USB-IF COO and President.
Vendors can choose to adapt this proposed authentication technology using the USB Power Delivery or the USB data bus segment. It uses a 128-bit encryption strength, covering all compliant devices, connectors and ports, bypassing any custom local security policies enforced by the host hardware.
USB Type-C Authentication empowers host systems to protect against non-compliant USB chargers and to mitigate risks from malicious firmware/hardware in USB devices attempting to exploit a USB connection. Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status. All of this happens right at the moment a connection is made – before inappropriate power or data can be transferred,” explained Joe Blaich, Press Officer for USB Implementers forum.
It will take awhile for USB Type-C with authentication spec to become the most common USB connector/port. At the time of this writing, it is ubiquitous for a brand-new Android smartphone to have a Type-C port, however, this is not a common port/connector in a brand-new PC sold by competing hardware vendors. USB Type-A is still the most common connector on most PCs, with USB Type-C being available as a PCI-express card, for those that specifically require native USB Type-C connector in a PC.
With the pressure imposed by brand-new smartphones that continue to proliferate USB Type-C connectors, it is a good assumption that motherboard manufacturers will start embedding Type-C connectors on the PCB of the motherboards they produce. The USB authentication technology is not backwards compatible with the current USB Type-A devices and connectors.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.