USB-C getting new safety mechanism to stop cables frying phones

Posted Apr 13, 2016 by James Walker
USB-IF, the group responsible for managing the standards surrounding USB ports, cables and connectors, has announced it is developing new cryptographic authentication features to put an end to the recent rise in dangerous non-compliant USB-C cables.
Rendering of a USB Type-C cable
Rendering of a USB Type-C cable
The technology will allow future USB-C compatible devices, including PCs, tablets and phones, to automatically verify that a connected cable or accessory adheres to the USB specification. If a non-compliant cable is detected, the device will be able to safeguard itself and avoid sustaining permanent damage.
The news comes after months of warnings from researchers that poorly built USB Type-C cables pose a serious risk to devices. Google engineer Benson Leung has been reviewing cables sold on Amazon, finding a large number use incorrect resistor values and could overcharge or fry any device they are connected to. One cable destroyed Leung's laptop within seconds of plugging it in.
USB-IF intends the new cryptographic tech to be used in other scenarios too. With devices able to verify the identity of connected accessories, users will be able to prevent potentially malicious thumb drives from attacking their system.
By example, USB-IF outlined how a bank could configure its PCs to only transfer data to USB drives that are able to provide its security certificate. Without the security certificate embedded in the firmware, the USB drive would be disabled. The approach would combat the increasing amount of malware using USB as the primary attack vector.
The authentication standard features a unified protocol to verify the identity of USB Type-C chargers, devices, cables and power sources. It is based around existing 128-bit encryption techniques and implemented over USB data and power connections, enabling the authentication to guard against malicious chargers.
"USB is well-established as the favored choice for connecting and charging devices," said Brad Saunders, USB 3.0 Promoter Group Chairman. "In support of the growing USB Type-C ecosystem, we anticipated the need for a solution extending the integrity of the USB interface. The new USB Type-C Authentication protocol equips product OEMs with the proper tools to defend against ‘bad’ USB cables, devices and non-compliant USB Chargers."
Amazon recently banned the sale of non-compliant USB Type-C cables from its site in the wake of research by Leung and others. Amazon's sales guidelines now explicitly ban USB Type-C products from being listed on Amazon Marketplace in an attempt to protect consumers from the dodgy cables.
It is almost impossible to tell whether a cable is potentially dangerous just by looking at it. Major brands have been affected by the rash of incorrectly manufactured cables, making it hard for consumers to work out which products are safe.
In the future, phones will be able to automatically deny faulty products, preventing customers from destroying their devices by plugging in a cable. USB-IF said the new authentication could also be added to existing smartphones with a firmware update, helping early adopters of USB Type-C to use the tech safely.