USB Type-C gets authentication to protect against malicious devices

Not-for-profit organisation USB Implementers Forum (USB-IF) announced on Wednesday the launch of its USB Type-C Authentication Program, which aims to provide host systems the opportunity to protect against non-compliant USB chargers and to mitigate risks from malicious firmware in USB devices.

USB-IF's program will confirm the authenticity of a USB device, cable, or charger. All of this will occur right at the moment a connection is made to ensure that no inappropriate power or data is transferred, according to USB-IF.

The not-for-profit will work alongside DigiCert, which will manage the PKI and certificate authority services for the USB Type-C Authentication Program.

"As the USB Type-C ecosystem continues to grow, companies can further provide the security that consumers have come to expect from certified USB devices," USB-IF president and COO Jeff Ravencraft said.

Unsafe USB chargers and devices can affect IT systems, with the Guidelines on Cyber Security onboard Ships detailing two cases where USB thumb drives led to cyber-security incidents on board ships.

The USB Type-C Authentication solution will include: a standard protocol of authentication for USB Type-C chargers, devices, cables, and power sources; support for authenticating over either USB data bus or USB power delivery communications channels; the ability for products that use the authentication protocol to retain control over the security policies implemented and enforced; 128-bit security for all cryptographic methods; and specification references for existing internationally accepted cryptographic methods in relation to certificate format, digital signing, hash, and random number generation.

Other organisations have also taken steps to protect their devices from USB issues, with Google adding a new security feature to Chrome OS in December to protect its Chromebook devices from malicious firmware in USB devices.

The new feature, named USBGuard, blocks access to the USB port while the device's screen is locked.

Apple also rolled out a similar feature for iOS in July this year. iOS 11.4.1 included a new feature that required users to unlock their device after an hour of inactivity before allowing any activity over a USB port.

Source: ZDNet Downloaded: 20190103
