The adoption of USB-C is clearly growing rapidly. Google has implemented the technology in its latest Nexus devices and Pixel C, Apple has in its MacBook, Microsoft has in its Lumia 950 series flagships, Samsung has in its Galaxy TabPro S tablet, and many more have used the standard.
Yes, just about every major player has implemented USB-C in one form or another. Technologists rejoiced, until Google engineer Benson Leung began buying USB-C cables on Amazon and testing them. As it turns out, many of them were faulty to the point where they could physically damage your device.
The USB Implementers Forum (USB-IF) has a solution, which will be a USB Type-C Authentication specification. Here are the key factors of the solution:
A standard protocol for authenticating certified USB Type-C™ Chargers, devices, cables and power sources
Support for authenticating over either USB data bus or USB Power Delivery communications channels
Products that use the authentication protocol retain control over the security policies to be implemented and enforced
Relies on 128-bit security for all cryptographic methods
Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
So what does it all mean? It means that a certified USB-C cable will be able to tell your device that it's certified using 128-bit security. You will also be allowed more granular control over what USB devices can do and what uncertified devices can do.
Of course, this brings into question existing USB-C hardware supporting the new standard. An existing USB-C device could receive a firmware update, as could some USB-C peripherals. Unfortunately, existing cables are out of luck.
It's going to be up to OEMs to decide if they want to implement the standard, but one thing is clear. There is a problem with USB-C as it currently stands, and it needs to be fixed.
Source: USB-IF via Ars Technica
25 Comments - Add comment