USB chargers and devices are not only universally accessible, but they are very easy to use. But despite their increasing presence in the mobile sphere, these devices come with a host of potential security risks, namely the spread of malware from infected devices and data leakage should a device fall into malicious hands. To help mitigate these issues, the USB Implementers Forum (USB-IF) have launched the USB Type-C Authentication Program.
The program defines the optimal cryptographic-based authentication for USB-C devices and chargers. Any host system using this protocol will be able to confirm the authenticity of a device or charger, including descriptors and capabilities, right at the moment a connection is made. So say, for example, you’re concerned about charging your phone at a public terminal. Your phone could implement a policy only allowing a charge from certified chargers. A company, meanwhile, could set a policy for its PCs, giving them access only to verified USB storage devices.
At this stage, the program is simply a recommendation — there’s no mandatory implementation required, but its creation certainly points to future security requirements for USB-C, which USB-IF president Jeff Ravencraft believes is “the single cable of the future.” Indeed, as more product manufacturers adopt USB-C, nefarious individuals will be looking for ways to exploit their vulnerabilities, so the guidance marks an important contribution in enabling a secure system of compliant, interoperable products.