14 DAY TRIAL // A new USB Type-C Authentication Program is being proposed and developed by USB-IF, making it possible for companies to implement cryptographic-based authentication for USB Type-C chargers and devices.
USB-IF is a non-profit build specifically for the development of the USB standard, and it’s being supported by companies such as Microsoft, Intel, Apple, HP, and many others. It’s safe to say that whatever standard they are adopting, it’s probably going to be used by pretty much everyone.
As it stands right now, any company can make its own chargers and cables, while using the USB Type-C standards. While this sounds like a good idea, it can also be used by people who want to exploit a USB connection with the help of malicious hardware, for example.
It’s not all good
The idea behind the new USB Type-C Authentication Program is to allow OEMs more control over chargers and cables. More security is always a good thing, right?
“USB Type-C Authentication empowers host systems to protect against non-compliant USB chargers and to mitigate risks from malicious firmware/hardware in USB devices attempting to exploit a USB connection. "
"Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status. All of this happens right at the moment a connection is made – before inappropriate power or data can be transferred,” notes the announcement from USB-IF.
It seems a noble goal, but that’s only in theory. In practice, if this particular measure is going to be adopted, we’ll suddenly see a surge in charger and cable prices. Because only the original ones will work with your phone, OEMs are going to charge more.
There are a few companies out there with certifications to make chargers and cables, but the smaller ones won’t be able to survive.
As the online community has already figured out, the new standard could also open the way for a new type of DRM-like feature. It’s possible that some chargers will only work with the phones made by the same company, and with nothing else.
While it might not be a problem all over the world, such measures would surely be against the law in the European Union, who’s been pushing for a single standard, usable by anyone.
There doesn’t seem to be a timetable attached to this new type of authentication, and it remains to be seen how the rest of the companies that are not part of USB-IF will receive the news.