Le 25 juillet 2016, 08:29 dans Humeurs • 0
USB group steps in with software solution to rogue USB-C cables
ROGUE USB TYPE-C CABLES could soon be caught before they fry things, thanks to an announcement from the group that designed the specification which is being ignored by so many.
The USB Implementers Forum (USB-IF) has announced the "USB Type-C Authentication specification", a set of software-defined rules that a device can use to protect itself from potential sizzlage.
The announcement explained that "host systems can confirm the authenticity of a USB device or USB charger, including such product aspects as the descriptors/capabilities and certification status. All of this happens right at the moment a wired connection is made, before inappropriate power or data can be transferred."
Concerns about USB-C safety have been championed by Google engineer Benson Leung, whose one-man crusade to single out shonky USB-C cables for sale on Amazon led to the sacrifice of his ￡1,500 Google Pixel C.
The new software promises a standard protocol for authenticating devices, cables and power sources, made over data bus or power delivery channels with products retaining previously set security policies.
It will use 128-bit security and standard cryptographic methods for certificate format, digital signing, hash and random number generation.
Of course, the premise of software-defined USB control is as old as time itself, or at least the Tesco Hudl 2, which suffered for a long time from a software 'feature' designed to stop you using the wrong charger, but which in reality stopped you using any charger at all.
“USB is well established as the favoured choice for connecting and charging devices,” said Brad Saunders, USB 3.0 Promoter Group chairman.
“In support of the growing USB Type-C ecosystem, we anticipated the need for a solution extending the integrity of the USB interface. The new USB Type-C Authentication protocol equips product OEMs with the proper tools to defend against ‘bad’ USB cables, devices and non-compliant USB chargers.”
The software, which could be embedded in any device or operating system, can also protect against malware hidden in a USB interface. However, equally, The INQUIRER wonders whether this software could itself be a target for hackers who could tell a benign USB cable to fry a device.
“USB-IF is unwavering in our mission to solidify USB Type-C as the single cable of the future,” said Jeff Ravencraft, USB-IF president and COO. “USB Type-C Authentication is an important contribution to enable a thriving ecosystem of compliant, interoperable products.”
Earlier this week, another team of Google engineers revealed a first draft for WebUSB, a protocol that will allow USB devices to communicate directly with the internet, offering the potential for true plug and play. μ