The USB Implementers Forum (USB-IF) today announced the launch of the USB Type-C Authentication specification, a software protocol that will serve as a line of defense protecting USB-C products from non-compliant USB-C cables that are potentially able to damage a device.
With the USB Type-C Authentication specification, computers and other devices with USB-C ports will be able to confirm the authenticity of a USB device or USB charger, verifying elements like certification status and power flow, along with ensuring no malware is present.
Using this protocol, host systems can confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors/capabilities and certification status. All of this happens right at the moment a wired connection is made - before inappropriate power or data can be transferred.
USB Type-C Authentication empowers host systems to protect against non-compliant USB Chargers and to mitigate risks from maliciously embedded hardware or software in USB devices attempting to exploit a USB connection
The USB Type-C Authentication specification comes after some non-compliant USB-C cables were able to damage electronic devices. Google engineer Benson Leung spent weeks testing USB-C cables sold by Amazon after a third-party cable he bought destroyed his Chromebook Pixel, making it his mission to highlight the risks of non-compliant cables.
Leung's work led Amazon to ban third-party retailers from offering USB-C cables that do not adhere to the standard specifications issued by the USB-IF, and it's also led to the creation of the protections announced today.
Key characteristics of the USB Type-CTM Authentication solution include:
- A standard protocol for authenticating certified USB Type-CTM Chargers, devices, cables and power sources
- Support for authenticating over either USB data bus or USB Power Delivery communications channels
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Relies on 128-bit security for all cryptographic methods
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
Apple began using USB-C with the Retina MacBook, choosing the standard because it allows both data and power transfer through a single connector. USB-C is appealing for its universality, but because USB-C cables can transfer more power than traditional USB connectors, non-compliant or faulty equipment can damage electronic devices by providing too much power.
The Retina MacBook already has safeguards built in to protect it from non-compliant cables, but the new USB Type-C Authentication feature will offer another layer of protection should Apple choose to implement it. Current machines will only charge from third-party USB-C power adapters if they comply with the USB Power Delivery specification, and if too much power is detected, the USB-C ports on the MacBook will shut down.
While the Retina MacBook is the only product that currently offers USB-C functionality, Apple may choose to offer USB-C ports in additional machines in upcoming updates scheduled to take place across 2016.
Top Rated Comments
This suggests a quote that isn't fake:
"For every complex problem there is an answer that is clear, simple, and wrong." -- H. L. Mencken
Before non-Apple (smart)phones switched to some version of USB (and even then it took a while until micro USB emerged as a standard), the plethora of different charging plugs and parameters for phones were a royal pain, in regard to not being able to use other people's chargers and in perfectly good chargers ending up in landfills when one bought a new phone which came with a different type of charger. Standardisation of chargers then coincided with the need to transfer large-ish amounts of data to phones and that locked in the combination of data and charging in one port.
Reminds me of this one time, when someone on the internet came up with a story which had nothing to do with the topic at hand.