Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    USB Type-C to Become More Secure With Authentication Standard

    By
    Sean Michael Kerner
    -
    January 2, 2019
    Share
    Facebook
    Twitter
    Linkedin
      USB

      The security of USB-based connections and devices is taking a step forward, with the official launch of the USB Type-C Authentication Program on Jan. 2

      USB devices have become ubiquitous in modern computing, and in recent years USB Type-C has been introduced on leading notebooks, smartphones and other connected devices because it enables faster data transfer and more power delivery than the larger USB Type-A interface, which has been widely deployed. While USB devices and interfaces have been broadly adopted and used across the computing landscape, they have also introduced new risks, by simply plugging in a malicious USB device.

      “USB-IF [USB Implementers Forum] is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,” USB-IF President and COO Jeff Ravencraft wrote in a media advisory. “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”

      In the early days of USB, many operating systems had default operations to open and enable the contents of a connected USB device, which is something that attackers have been able to exploit in the past.

      Malware delivered via USB is suspected to be the root cause of infection behind the Stuxnet virus that shut down Iranian nuclear centrifuges in 2010. Back at the Black Hat USA 2013 conference, security researchers demonstrated the MACTANS attack against iOS devices, where simply plugging an iOS device into a malicious USB charger could lead to malware infection. At Black Hat USA 2014, additional USB attack vectors were disclosed that could have potentially enabled USB accessories to infect vulnerable systems.

      One of the solutions to USB risks that has been implemented in recent years by operating system vendors is to not implicitly trust any USB devices on first run, instead requiring users to either trust or click a button to open and enable a given USB device. With USB Type-C Authentication, the USB-IF is going a step further, taking a cryptographic approach to helping protect USB users and devices against potential risks.

      USB Type-C Authentication

      The USB-IF is a multi-stakeholder organization tasked with advancing the state of USB specification and technology adoption. The USB Type-C Authentication Specification was first defined in 2016 as a mechanism to help confirm the identity and authenticity of a given USB device.

      With the authentication specification, compliance with USB specifications is validated in an effort to prevent potentially dangerous devices and chargers from connecting to a system. The specification can also limit the risk of malicious software that might be embedded within a USB device from attacking a system. According to the USB-IF, the authentication specification enables implementors of the standard to authenticate certified USB Type-C chargers, devices, cables and power sources. The specification defines an approach that validates a USB device as soon as it is plugged in and before other data or power is transferred.

      DigiCert

      The authentication program relies on cryptography to validate and digitally sign USB Type-C devices with 128-bit security. The USB-IF announced in November 2018 that DigiCert was selected to be the official registration and certificate authority operator for the digital certificates that will enable the USB Type-C Authentication program.

      DigiCert is well-known in the Public Key Infrastructure (PKI) and Certificate Authority market as one of the largest vendors in the space. DigiCert acquired Symantec’s Certificate Authority business unit in October 2017 in a $950 million deal.

      “DigiCert is excited to work with USB-IF and its CA Program Participants from the industry at large to provide the technical expertise and scale needed for the USB Type-C Authentication Program, and we look forward to implementation,” Geoffrey Noakes, vice president, IoT Business Development at DigiCert, wrote in a media advisory.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×