New USB standards make cables and devices more trustworthy

A while ago, Google engineer Benson Leung ran into a small problem with a USB 3.0 cable he got from Amazon: it fried his Chromebook Pixel. Leung's experience helped raised awareness of potentially dangerous cables and devices, and his research has spurred similar efforts from various corners of the internet. It seemed only a matter of time, then, that the USB Implementers Forum would address this issue. The USB-IF has now added new specifications and a certification process for two particular features: USB power delivery and USB Type-C authentication.

To earn the updated USB logos, devices and cables must meet the USB-IF's strict standards for power negotiation and delivery. Some might see this move as an unnecessary precaution and burden on manufacturers, but Amazon has already gone as far as to stop sales of non-compliant USB 3.0 cables and adapters. Hardware meeting the new specification can use the updated USB logos, which depict a battery behind the usual graphics.

For USB authentication, the USB-IF is reportedly relying on good ol' digital signatures—or, in the organization's own words, using "existing internationally-accepted cryptographic methods." With authentication enabled, hosts can elect to only communicate with devices that present a valid digital signature. Authentication between hosts and devices is arguably a necessary feature these days, given that researchers have proven that it's possible for a malicious USB device to snoop data and possibly even take control of its host or other devices. With USB authentication on, it'll be much harder for a rogue device to get up to no good.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.