A C-type USB Authentication program will be launched as a protection measure against malware and non-compliant devices
USB Implementers Forum (USB IF), a non-profit organization recently announced the launching of an authentication program applied to the USB Type-C. According to cybersecurity specialists from the International Institute of Cyber Security, this new feature will help provide host systems with the opportunity to protect against unsupported USB chargers, as well as minimize the risks of malicious firmware infection on USB devices.
Thanks to this program it will be possible to confirm the authenticity of a USB device (either a charger or a cable) from the moment a connection is made to ensure that no file or malicious data is transferred from one computer to another.
The non-profit organization will work together with DigiCert cybersecurity experts to manage PKI services and act as a certification authority for the USB-C authentication program.
“As the USB-C-compliant ecosystem keeps growing, companies need to increase the security measures customers expect from an authority-certified device,” said Jeff Ravencraft, Operations Manager at USB IF.
According to specialists in cybersecurity, unauthenticated USB devices can affect multiple forms of a computer system. There have even been cases where ships suffered cyberattacks in the middle of their path due to unauthenticated USB implementations.
USB-C authentication will include:
- A standardized authentication protocol for chargers, devices, cables and power sources
- Support for authentication via USB data bus
- 128-bit security for all cryptographic methods
Other security organizations have also taken steps to protect their devices from threats via USB; for example, Google will add a new security feature to Chrome OS in December to protect its Chromebook devices from malicious firmware on USB devices.
Apple also launched a similar feature for iOS 11.4.1, including a new feature requesting that users unlock their device after an hour of inactivity before allowing any activity through a USB port.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.