New USB-C Standard Can Help Fight USB Malware

[Exterminator]

Content source

http://news.softpedia.com/news/new-usb-c-standard-can-help-fight-usb-malware-503087.shtml

The USB Implementers Forum (USB-IF) has announced the creation of a new standard called USB Type-C Authentication, which aims to protect USB-C capable devices from low-end USB chargers that might end up frying your gear, but can also prove useful when fighting USB malware.

The new standard is a direct answer to a series of incidents that took place over the past year, when many users reported they had their devices destroyed by faulty USB-C cables.

This scenario might sound strange because USB cables shouldn't be able to fry devices, but USB-C cables are different because they can relay data and power at the same time.

Amazon has already taken action against low-end USB-C cables
The improper implementation of the USB-C specification by some vendors has resulted in sub-standard cables hitting the market that send more power than the standard USB-C specification implies.

A Google researcher spent a large part of his free time testing USB-C cables and posting Amazon reviews about his findings. After a series of catastrophic incidents, his actions reached Amazon's ears, who at the end of March decided to ban all non-standard USB-C cables or adapters from their store.

USB-IF division USB 3.0 Promoter Group created a new standard to protect device manufacturers from faulty USB-C cables. The new USB Type-C Authentication will be integrated within the firmware of USB-C capable devices and USB chargers and will work as a pre-connection authentication system.

When the user makes a connection via USB-C cables, their device (tablet, smartphone, laptop) will establish a pre-connection with the other device (typically a charger, but can also be another laptop, smartphone, or tablet).

In theory, the new standard can help fight malware
The two exchange information about their charging capabilities and the type of data to be transferred, also verifying if the other device is from a USB-IF authorized manufacturer.

This information is sent encrypted with a 128-bit encryption key and occurs before any data or power is sent between the two.

The new standard can prevent sending power between devices that don't adhere to the strict USB-C specification, but can also prove useful for companies that want to create their own custom-made authentication system for USB devices.

Enterprise workstations could be configured to accept connections and data transfers from only a certain class of devices, putting an end to employees connecting rogue equipment to a company's network.

Of course, this only works for USB-C capable devices and will probably take some time until the world migrates to this so-called "universal USB" standard. When this happens, users won't be able to just come with their personal malware-infested USB thumb drives and plug them in computers at work.

 

[frogboy]

I like the sound of this anything that saves a PC is good.

 

[jamescv7]

Good concept there mostly it should not contain any disadvantages besides the demands of the people which why is not yet ready for distribution. Imagine a pain where many are lazy to disinfect the viruses on thumdrive and instead reformat.