Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    USB Type-C to Become More Secure With Authentication Standard

    By
    SEAN MICHAEL KERNER
    -
    January 2, 2019
    Share
    Facebook
    Twitter
    Linkedin
      USB

      The security of USB-based connections and devices is taking a step forward, with the official launch of the USB Type-C Authentication Program on Jan. 2

      USB devices have become ubiquitous in modern computing, and in recent years USB Type-C has been introduced on leading notebooks, smartphones and other connected devices because it enables faster data transfer and more power delivery than the larger USB Type-A interface, which has been widely deployed. While USB devices and interfaces have been broadly adopted and used across the computing landscape, they have also introduced new risks, by simply plugging in a malicious USB device.

      “USB-IF [USB Implementers Forum] is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements,” USB-IF President and COO Jeff Ravencraft wrote in a media advisory. “As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices.”

      In the early days of USB, many operating systems had default operations to open and enable the contents of a connected USB device, which is something that attackers have been able to exploit in the past.

      Malware delivered via USB is suspected to be the root cause of infection behind the Stuxnet virus that shut down Iranian nuclear centrifuges in 2010. Back at the Black Hat USA 2013 conference, security researchers demonstrated the MACTANS attack against iOS devices, where simply plugging an iOS device into a malicious USB charger could lead to malware infection. At Black Hat USA 2014, additional USB attack vectors were disclosed that could have potentially enabled USB accessories to infect vulnerable systems.

      One of the solutions to USB risks that has been implemented in recent years by operating system vendors is to not implicitly trust any USB devices on first run, instead requiring users to either trust or click a button to open and enable a given USB device. With USB Type-C Authentication, the USB-IF is going a step further, taking a cryptographic approach to helping protect USB users and devices against potential risks.

      USB Type-C Authentication

      The USB-IF is a multi-stakeholder organization tasked with advancing the state of USB specification and technology adoption. The USB Type-C Authentication Specification was first defined in 2016 as a mechanism to help confirm the identity and authenticity of a given USB device.

      With the authentication specification, compliance with USB specifications is validated in an effort to prevent potentially dangerous devices and chargers from connecting to a system. The specification can also limit the risk of malicious software that might be embedded within a USB device from attacking a system. According to the USB-IF, the authentication specification enables implementors of the standard to authenticate certified USB Type-C chargers, devices, cables and power sources. The specification defines an approach that validates a USB device as soon as it is plugged in and before other data or power is transferred.

      DigiCert

      The authentication program relies on cryptography to validate and digitally sign USB Type-C devices with 128-bit security. The USB-IF announced in November 2018 that DigiCert was selected to be the official registration and certificate authority operator for the digital certificates that will enable the USB Type-C Authentication program.

      DigiCert is well-known in the Public Key Infrastructure (PKI) and Certificate Authority market as one of the largest vendors in the space. DigiCert acquired Symantec’s Certificate Authority business unit in October 2017 in a $950 million deal.

      “DigiCert is excited to work with USB-IF and its CA Program Participants from the industry at large to provide the technical expertise and scale needed for the USB Type-C Authentication Program, and we look forward to implementation,” Geoffrey Noakes, vice president, IoT Business Development at DigiCert, wrote in a media advisory.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×