Since early last year, the USB Type-C standard has been trying to infiltrate your devices by marketing itself as a versatile, reversible, and someday universal replacement for the long-running rectangular USB format you’ve likely been accustomed to for the past decade at least. And, for a connector that wants to overtake something as familiar and beloved as the USB, it’s been faring pretty well actually.
In fact, the USB Type-C’s most problematic pitfall isn’t in the design of the connector itself, but in the hardware that utilizes it. Back in November, we reported that senior software engineer at Google, Benson Leung, starting reviewing “bad” USB Type-C cables after realizing that an excessive number of them simply didn’t work as they were intended to across all properly equipped devices. Worse yet, some of them were potentially hazardous, with evidence indicating that they could deal considerable damage to chargers, USB hubs, and even computers.
Today, the USB Implementers Forum, or USB-IF, announced the USB Type-C authentication specification at the Intel Developer Forum in Shenzhen, China in order to prevent this situation from getting worse, as well as to combat some unwanted malware that has begun showing up.
As Ars Technica reports, the new spec allows a host device, such as a phone or laptop, to recognize whether or not the USB Type-C connector has been certified by the USB-IF. It accomplishes this by using 128-bit encryption prior to even transmitting data or establishing a power connection.
While you may not think about how malware affects your USB devices, USB-IF said at the forum that, as an example, a bank that was concerned about the security of its USB flash drives could set up their computers so that they only work with drives marked with the bank’s own security certificates. Because the specification “references existing internationally accepted cryptographic methods for certificate format, digital signing, hash and random number generations,” USB-IF claims that it will not be difficult for organizations to make the switch from USB proper.
While USB-IF claims that support for the new specifications could be issued in a series of firmware and software updates at the discretion of OEMs, hardware without the ability to receive these kinds of updates will need to be replaced altogether.
Furthermore, a small “developer-only” update has been made to the USB Power Delivery spec that brings authentication spec support and USB Type-C Bridging that’s otherwise identical to the Power Delivery 2.0 spec.
The USB Implementers Forum has previously attempted to avert this threat by launching the USB-IF Compliance Program, which demanded that connectors be put through testing in order for developers to utilize the USB-IF logo in their marketing. This certification would thereby incentivize an effort towards universal compatibility with USB Type-C devices.
We have reached out to the USB Implementers Forum to hear more about this undertaking and will provide updates as they continue to emerge.