The new USB Type-C standard is great, as cables are reversible so it does not matter if you connect them up or down, it can handle USB 3.1 data speed, as well as carrying video and up to 100W power thanks to USB-C power delivery. In theory all is great, but in practice, many USB-C cables are not compliant, and Benson Leung, a Google employee, has found that many USB-C cable sold on Amazon were not compliant, with even one damaging his Pixel 2 laptop and two USB PD analyzers.
His reviews on Amazon, as well as customer complaints, probably lead the company to ban the sale of non-compliant cable or adapter, but to really mitigate the issue, a technical solution was needed, and that’s why the USB 3.0 Promoter Group has defined the Authentication Protocol for USB Type-C as part of the USB Power Delivery 3.0 specifications.
Key characteristics of the USB Type-C Authentication solution include:
- A standard protocol for authenticating certified USB Type-C chargers, devices, cables and power sources
- Support for authenticating over either USB data bus or USB Power Delivery communications channels
- Products that use the authentication protocol retain control over the security policies to be implemented and enforced
- Relies on 128-bit security for all cryptographic methods
- Specification references existing internationally-accepted cryptographic methods for certificate format, digital signing, hash and random number generation
Authentication will check the capabilities and certification status, before transferring user data and power. This will also prevent malicious embedded software or hardware to exploit a connection.
At least that’s the plan. I understand existing devices with USB-C port will be able to get a firmware update to support USB-C authentication, but obviously many devices will never be updated, so in the meantime you’ll have to be cautious, and one way to protect your devices from bad USB-C cables or adapters is to purchase one from Benson Leung Amazon list, which he has personally tested.
Via Liliputing and Arstechnica.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.