USB Type-C Authentication Protocol To Allow Blocking Of Uncertified And Malicious USB Devices

[Lucian Armasu]

The USB Promoter Group announced a new authentication protocol for the USB Type-C devices, which aims to block infected or faulty USB devices and chargers by default.

USB Type-C Authentication Protocol To Allow Blocking Of Uncertified And Malicious USB Devices : Read more

 

[IspotU]

That is interesting, but still a little too soon for me to get on board. I am looking forward to a mass implementation of C. It would be nice to not have to fight so much with USB devices in small cramped spaces.

 

[Quixit]

Seeing as we already have a raft of USB-C devices out now isn't it a bit too late?

 

[InvalidError]

DRM for USB cables and power adapters, now they are going to cost another $5-15 extra simply because they eliminated generic competition.

 

[jellysalt]

While a cable is a passive part, how to use 128-bit security cryptographic methods to authenticate it ?

 

[Guest]

how the hell plugging a usb device can spread malicious malware

 

[captaincharisma]

how the hell plugging a usb device can spread malicious malware

every USB device has a memory chip or has room for a memory chip that can have data stored on it

is this being too paranoid? yes. is it possible? you bet

 

[targetdrone]

Why hasn't t this been a problem with "out dated" mico-USB devices?

 

[jojesa]

Why hasn't t this been a problem with "out dated" mico-USB devices?

Previous USB solutions were simpler and less complicated.
Now USB Type-C charges and devices have chips and besides power it can support bi-directional power, video (DisplayPort, HDMI, VGA), Thunderbolt and also replace all other USB formats (Type-A, Type-B, Mini-USB, Micro-USB), Ethernet, etc.
Chips with data are embedded USB type-C devices and besides the danger on the data on them, cheaply made devices could draw too much power from a device connected to it and fry it or blow it up in your face.
Until USB Type-C, USB devices did not have data chips on them nor draw such amount of power from devices like laptops.

 

[targetdrone]

And what's to stop Evil China/Russia-Corp from using a legit certification to manufacture 100s of 1000s of malware infected chargers they plan to sell on Ebay? Will our USB-C devices need constant security updates to know which manufacture certificates are invalided. Good luck with that if you running a Mobile-Carrier version of android.

 

[crystaldragon141]

DRM for USB cables and power adapters, now they are going to cost another $5-15 extra simply because they eliminated generic competition.

USB devices not cables. The cables have nothing to do with it.

 

[hpram99]

I'm certainly hoping it's a step towards addressing BadUSB, it's an understated vulnerability.
I'm also fairly concerned about Thunderbolt/PCIe. That has a very similar vulnarability as BadUSB, and now Type-C is the standard connector for Thunderbolt 3

 

[DanManB]

I have mixed feelings about this. I support this so that bad chargers cannot screw up batteries and malware cannot be spread. However, I feel that some manufacturers will use this for monopolistic purposes and may use this to block custom firmware on some devices.

 

[DotNetMaster777]

Gool !!!