Today, the USB Implementers Forum officially launched theUSB Type-C Authentication Programto set a standard for type-C USB device for improved security.
Presently, there is no standard to determine the authenticity of USB Type-C connectors, and this poses a challenge for system administrators; they have to take additional measures to prevent the exploitation of USB ports.
At the moment, anyone can add hardware components in the USB cable fordisabling the unused portsand running malicious activities in the background. Moreover, such modifications in the cable are difficult to notice, which further makes it too easy to exploit USB devices.
The USB Type-C Authentication program allows OEM tocertify that USB Type-C productsoffered by them are fool-proof against the commonly used hardware attack methods.
128-bit encryptionwill be deployed in the certified devices to ensure that no modifications have been made in the cable.DigiCert, a US-based company that issues SSL certificates to websites, will provide public key infrastructure and will also manage CA program participants.
Certainsoftware policieswill be imposed on Type-C devices that will allow OEMs to restrict certain USB functions on the basis of the certification status.
For example, if an OEM wants, it can allow only charging of a smartphone at public terminals that have undergone a validation check.
It isoptional for OEMsto participate in the Authentication program as of now. However, those who deal with sensitive data and want to protect devices would soon adopt the standards.
