New USB-C protocols offer protection against malware and malicious devices

A C-type USB Authentication program will be launched as a protection measure against malware and non-compliant devices

USB Implementers Forum (USB IF), a non-profit organization recently announced the launching of an authentication program applied to the USB Type-C. According to cybersecurity specialists from the International Institute of Cyber Security, this new feature will help provide host systems with the opportunity to protect against unsupported USB chargers, as well as minimize the risks of malicious firmware infection on USB devices.

Thanks to this program it will be possible to confirm the authenticity of a USB device (either a charger or a cable) from the moment a connection is made to ensure that no file or malicious data is transferred from one computer to another.

The non-profit organization will work together with DigiCert cybersecurity experts to manage PKI services and act as a certification authority for the USB-C authentication program.

“As the USB-C-compliant ecosystem keeps growing, companies need to increase the security measures customers expect from an authority-certified device,” said Jeff Ravencraft, Operations Manager at USB IF.

According to specialists in cybersecurity, unauthenticated USB devices can affect multiple forms of a computer system. There have even been cases where ships suffered cyberattacks in the middle of their path due to unauthenticated USB implementations.

USB-C authentication will include:

  • A standardized authentication protocol for chargers, devices, cables and power sources
  • Support for authentication via USB data bus
  • 128-bit security for all cryptographic methods

Other security organizations have also taken steps to protect their devices from threats via USB; for example, Google will add a new security feature to Chrome OS in December to protect its Chromebook devices from malicious firmware on USB devices.

Apple also launched a similar feature for iOS 11.4.1, including a new feature requesting that users unlock their device after an hour of inactivity before allowing any activity through a USB port.