Your IT Consultant

More USB-C News: Improved Security

January 3, 2019

Yesterday I mentioned how USB-C connectors are helping us get to a standardized way to provide power and data transfer. Eweek has reported the announcement of the USB Type-C Authentication Program on January 2^nd. Malware delivered by a USB connection (in the old days devices would automatically open when connected) is a common attack point. There are even USB devices that act like keyboards and can automatically execute commands as if someone was sitting at the actual keyboard. There is also an attack called “juice jacking,” where a USB charging connection actually sucks data off of the device.

USB-IF President and COO Jeff Ravencraft wrote in a media advisory, "USB-IF [USB Implementers Forum] is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements. As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices."

The specification defines an approach that validates a USB device as soon as it is plugged in and before other data or power is transferred. While this is not currently a requirement for future USB-C connections, I expect vendors to begin to roll it out soon as privacy and security are a growing concern.

E-mail:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com