Today, the USB Implementers Forum officially launched the USB Type-C Authentication Program to set a standard for type-C USB device for improved security.
Presently, there is no standard to determine the authenticity of USB Type-C connectors, and this poses a challenge for system administrators; they have to take additional measures to prevent the exploitation of USB ports.
At the moment, anyone can add hardware components in the USB cable for disabling the unused ports and running malicious activities in the background. Moreover, such modifications in the cable are difficult to notice, which further makes it too easy to exploit USB devices.
The USB Type-C Authentication program allows OEM to certify that USB Type-C products offered by them are fool-proof against the commonly used hardware attack methods.
128-bit encryption will be deployed in the certified devices to ensure that no modifications have been made in the cable. DigiCert, a US-based company that issues SSL certificates to websites, will provide public key infrastructure and will also manage CA program participants.
Certain software policies will be imposed on Type-C devices that will allow OEMs to restrict certain USB functions on the basis of the certification status.
For example, if an OEM wants, it can allow only charging of a smartphone at public terminals that have undergone a validation check.
It is optional for OEMs to participate in the Authentication program as of now. However, those who deal with sensitive data and want to protect devices would soon adopt the standards.
