USB-C could soon offer protection against nefarious devices:
The program defines the optimal cryptographic-based authentication for USB-C devices and chargers. Any host system using this protocol will be able to confirm the authenticity of a device or charger, including descriptors and capabilities, right at the moment a connection is made. So say, for example, you're concerned about charging your phone at a public terminal. Your phone could implement a policy only allowing a charge from certified chargers. A company, meanwhile, could set a policy for its PCs, giving them access only to verified USB storage devices.
At this stage, the program is simply a recommendation -- there's no mandatory implementation required, but its creation certainly points to future security requirements for USB-C, which USB-IF president Jeff Ravencraft believes is "the single cable of the future."
USB Type-C Authentication Program gets started, sounds like it's effectively DRM for Type-C devices:
Today the USB-IF, the non-profit behind the USB standard's marketing and specifications, revealed the formal launch of its "USB Type-Câ„¢ Authentication Program," originally announced back in 2016. The optional program "defines cryptographic-based authentication for USB Type-C chargers and devices." If that sounds like a thinly veiled euphemism for hardware DRM to you, that's because it is.
The new authentication mechanism "empowers" vendors to "protect" us customers against "non-compliant USB chargers." Bad chargers and cables are/were a legitimate problem for the USB Type-C ecosystem (praise be to Benson), but the USB-IF's program allows for vendors to use this means of accessory certification for anything they choose. This isn't just a standard set by the USB-IF for cables and chargers to meet, any OEM can use it to bake-in support for only "approved" devices if they like. Remember when Apple clamped down on third-party hardware with its MFi certification program? Now USB-C-wielding OEMs can get in on some of that licensing action, and better, it's being done in the name of security.
In addition to pushing PD compliance, the nascent standard is being spun as a security enhancement, protecting us consumers from malicious firmware and hardware attached to USB devices. But even the marketing PR can't help but point out how useful it will be for OEMs in other, less consumer-friendly ways: "Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status."
Previously: USB Type-C Authentication Protocol Announced
Related: One Manufacturer's "Fundamentally Dangerous" USB Type-C Cable Fries Hardware
Amazon Bans Non-Compliant USB Type-C Cables
(Score: 4, Insightful) by Anonymous Coward on Thursday January 03 2019, @02:44AM (3 children)
(Score: 5, Touché) by coolgopher on Thursday January 03 2019, @03:56AM (1 child)
Universally terrible?
(Score: 2) by DannyB on Thursday January 03 2019, @05:00PM
USB = Universal Sad Bus
Or: Universal Short Bus
But it does not cause short circuits.
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 2) by All Your Lawn Are Belong To Us on Thursday January 03 2019, @08:51PM
Catholic Serial Bus?
This sig for rent.