USB-C to get security-focussed authentication program

In an attempt to battle malicious devices, the program aims to stop infection at the point of connection

USB Implementers Forum (USB-IF) has announced the launch of its own USB-C authentication program which provides an added layer of security for host systems before opening themselves up to data or power transfer via USB-C.

The program's features include a standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources, as well as support for authenticating over either USB data bus or USB Power Delivery communications channels.

It will also support 128-bit cryptographic security among other features, all of which will help reduce the likelihood of criminals exploiting USB connections, according to the non-profit organisation.

"USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements," said USB-IF President and COO Jeff Ravencraft. "As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices."

According to USB-IF, it selected DigiCert to manage the PKI and certificate authority services for the USB Type-C Authentication Program. DigiCert is a leading security provider for TLS/SSL, PKI and IoT solutions.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"DigiCert is excited to work with USB-IF and its CA Program Participants from the industry at large to provide the technical expertise and scale needed for the USB Type-C Authentication Program, and we look forward to implementation," said Geoffrey Noakes, vice president of IoT Business Development at DigiCert.

On Wednesday it was revealed that Google's ChromeOS would now provide the option to disable USB ports when the screen is locked to combat the issue of criminals plugging malicious devices into a machine and bypassing login screens.

These physical attacks, known as "Rubber Ducky" attacks, involve inserting a USB drive containing with a malicious payload which then tricks the computer into thinking its a harmless keyboard before unloading malicious code onto the system.

A similar string of attacks also struck select Eastern European banks last month in a cyber heist thought to have earned criminals tens of millions of pounds.

The attacks were carried out using Bash Bunnies, a program loaded onto USB devices such as the Raspberry Pi and then connected to USB sockets in meeting rooms located in the banks' buildings. Criminals were said to have posed as contractors or job applicants to gain physical access to machines before exploiting the network.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020