USB chargers and devices are universally accessible and easy to use, but they come with a host of potential security risks, namely the spread of malware from infected devices, and data leakage should a device fall into the wrong hands. Now, the USB Implementers Forum (USB-IF) — the big dog in the advancement of USB tech — has launched its USB Type-C Authentication Program, which will help mitigate these issues.
The program defines the optimal cryptographic-based authentication for USB-C devices and chargers. Any host system using this protocol will be able to confirm the authenticity of a device or charger, including descriptors and capabilities, right at the moment a connection is made. So say, for example, you’re concerned about charging your phone at a public terminal. Your phone could implement a policy only allowing a charge from certified chargers. A company, meanwhile, could set a policy for its PCs, giving them access only to verified USB storage devices.
At this stage, the program is simply a recommendation — there’s no mandatory implementation required, but its creation certainly points to future security requirements for USB-C, which USB-IF president Jeff Ravencraft believes is “the single cable of the future.” Indeed, as more product manufacturers adopt USB-C, nefarious individuals will be looking for ways to exploit their vulnerabilities, so the guidance marks an important contribution in enabling a secure system of compliant, interoperable products.