SoylentNews is people
SoylentNews
USB-C could soon offer protection against nefarious devices:
The program defines the optimal cryptographic-based authentication for USB-C devices and chargers. Any host system using this protocol will be able to confirm the authenticity of a device or charger, including descriptors and capabilities, right at the moment a connection is made. So say, for example, you're concerned about charging your phone at a public terminal. Your phone could implement a policy only allowing a charge from certified chargers. A company, meanwhile, could set a policy for its PCs, giving them access only to verified USB storage devices.
At this stage, the program is simply a recommendation -- there's no mandatory implementation required, but its creation certainly points to future security requirements for USB-C, which USB-IF president Jeff Ravencraft believes is "the single cable of the future."
USB Type-C Authentication Program gets started, sounds like it's effectively DRM for Type-C devices:
Today the USB-IF, the non-profit behind the USB standard's marketing and specifications, revealed the formal launch of its "USB Type-C™ Authentication Program," originally announced back in 2016. The optional program "defines cryptographic-based authentication for USB Type-C chargers and devices." If that sounds like a thinly veiled euphemism for hardware DRM to you, that's because it is.
The new authentication mechanism "empowers" vendors to "protect" us customers against "non-compliant USB chargers." Bad chargers and cables are/were a legitimate problem for the USB Type-C ecosystem (praise be to Benson), but the USB-IF's program allows for vendors to use this means of accessory certification for anything they choose. This isn't just a standard set by the USB-IF for cables and chargers to meet, any OEM can use it to bake-in support for only "approved" devices if they like. Remember when Apple clamped down on third-party hardware with its MFi certification program? Now USB-C-wielding OEMs can get in on some of that licensing action, and better, it's being done in the name of security.
In addition to pushing PD compliance, the nascent standard is being spun as a security enhancement, protecting us consumers from malicious firmware and hardware attached to USB devices. But even the marketing PR can't help but point out how useful it will be for OEMs in other, less consumer-friendly ways: "Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status."
Previously: USB Type-C Authentication Protocol Announced
Related: One Manufacturer's "Fundamentally Dangerous" USB Type-C Cable Fries Hardware
Amazon Bans Non-Compliant USB Type-C Cables
(Score: 4, Informative) by Anonymous Coward on Thursday January 03 2019, @06:02AM (6 children)
They are colloquially known as "USB condoms" and have beeen around for awhile.
https://int3.cc/products/usbcondoms [int3.cc]
Not sure if they make special cables or if any support USB-C yet.
(Score: 3, Interesting) by takyon on Thursday January 03 2019, @06:32AM (3 children)
No Type-C cable or FAQ item about it on the new site: http://syncstop.com/ [syncstop.com]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Thursday January 03 2019, @10:33AM (2 children)
If I'm reading https://en.wikipedia.org/wiki/USB-C#USB_Power_Delivery [wikipedia.org] and https://en.wikipedia.org/wiki/USB_Power_Delivery#Power_Delivery_(PD) [wikipedia.org] correctly, a control channel (CC) pin is required to negotiate more than 15W, but the data pins (USB2 D+/- and USB3 TX/RX pairs) are not required for power delivery. Though the CC pin transmits data, in a sense? So, maybe they could build something like a condom with a tiny hole in it...
(Score: 0) by Anonymous Coward on Thursday January 03 2019, @04:29PM (1 child)
15W ought to be enough for anyone (with apologies to 640K & Bill Gates).
(Score: 2) by DannyB on Thursday January 03 2019, @08:52PM
45W for a laptop.
But the laptop USB-C charger looks like a phone USB-C charger. So you could mistake them. And nothing bad happens when you do.
Maybe eventually, if there is no *real* cost issue, it might be simpler and cheaper to only make laptop (45W) chargers -- even for phones. The phone will still negotiate for what it wants, even if the charger can supply more.
The lower I set my standards the more accomplishments I have.
(Score: 2) by hendrikboom on Thursday January 03 2019, @05:54PM (1 child)
That condom seems to block the data pins, but does it block high-voltage power transients, or even just plain high voltages?
(Score: 2) by toddestan on Friday January 04 2019, @04:37AM
Looks to be pretty simple. There's 3 surface mount resistors on it. My guess they are there to fool certain devices into charging as some devices look for a resistance across the data pins to know whether they are plugged into a dumb charger.
I made one a while ago by basically slicing open an extension cable, cutting the data wires, then wrapping it back up with electrical tape. I forgot how exactly I determined which wire was which - I might have taken a guess that the red and black were power and cut the other lines and was correct. Looked exactly how you might expect, but it did the job. Seems I lost track of it at some point though.