
USB Type-C to Become More Secure with Authentication Standard - CrankyBear
http://www.eweek.com/security/usb-type-c-to-become-more-secure-with-authentication-standard
======
geofft
This form of "authentication" smells like DRM, especially as they're using it
to limit power and they're using Digicert to sign devices. And if you're
speaking X.509 or something on both sides I'm intensely curious to see how
vulnerable the attack surface is.

The "authentication" that would actually help is to default to only allowing
charging through ports (and allow charging without authentication - who cares
where I get 65 W of power from? are there malicious electrons?), and show a
little "new device" authentication screen with a Bluetooth-style pairing
process when I connect something new. Then either burn an asymmetric key onto
the device or generate a random symmetric key (and leave the CAs out of it),
and on the host, bind the key to the current function of the device, as
displayed on the pairing screen. If I clicked "Trust this keyboard," don't let
it turn into a CD drive. If I clicked "Trust these headphones," don't let it
turn into a keyboard. And so forth.
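
Added example (not part of the original comment): a minimal host-side sketch of the pairing model described above, where a random symmetric key is bound to the function the user approved and charging needs no authentication. The class name, function labels and device ids are hypothetical, and HMAC-SHA256 challenge-response is an assumed mechanism, not anything from the USB-IF specification.

```python
import hashlib
import hmac
import secrets

CHARGE_ONLY = "charge-only"  # hypothetical label: power only, no data functions


def device_response(key, nonce, function):
    """Device side: MAC over the host's nonce and the function being presented."""
    return hmac.new(key, nonce + b"|" + function.encode(), hashlib.sha256).digest()


class PairingStore:
    """Host-side trust store: one random key per paired device, bound to the
    function the user approved on the pairing screen (no CA involved)."""

    def __init__(self):
        self._paired = {}  # device_id -> (key, approved_function)

    def pair(self, device_id, approved_function):
        """User clicked 'Trust this <function>': mint a key and bind it."""
        key = secrets.token_bytes(32)
        self._paired[device_id] = (key, approved_function)
        return key  # provisioned onto the device during pairing

    def challenge(self):
        """Fresh nonce per attach, so an old response cannot be replayed."""
        return secrets.token_bytes(16)

    def admit(self, device_id, claimed_function, nonce, response):
        """Decide what a newly attached device is allowed to do."""
        if claimed_function == CHARGE_ONLY:
            return "charge"            # power needs no authentication
        entry = self._paired.get(device_id)
        if entry is None:
            return "prompt-pairing"    # unknown device: ask the user first
        key, approved = entry
        if claimed_function != approved:
            return "reject"            # paired as one thing, presenting as another
        expected = device_response(key, nonce, approved)
        if not hmac.compare_digest(expected, response):
            return "reject"            # does not hold the paired key
        return "allow"


if __name__ == "__main__":
    store = PairingStore()
    key = store.pair("kbd-1", "keyboard")  # constructed sample device
    nonce = store.challenge()
    print(store.admit("kbd-1", "keyboard", nonce,
                      device_response(key, nonce, "keyboard")))
    print(store.admit("kbd-1", "mass-storage", nonce,
                      device_response(key, nonce, "mass-storage")))
```

The second call is rejected even though the device holds the right key, because the key was approved for "keyboard" only.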

~~~
karmakaze
Exactly. If it's a wired connection requiring physical access what is being
protected? For the benefit of which party?

~~~
geofft
I do want to be able to plug into public USB PD outlets, other people's
chargers, etc. confidently, and there is a legitimate security problem there.
Even though it's wired and physically adjacent it isn't necessarily trusted.
But that can be done without DRM.

~~~
warent
Even with some kind of authentication that doesn't change the fact that public
USB outlets can still be rigged to fry your machine. The likelihood of it is
probably incredibly small but I personally still wouldn't use public USB
outlets.

~~~
marcosdumay
I can trust a public outlet to not fry my phone. That is simple, if my phone
stays functional I'm good, and if it gets fried I take some real world
measures (go to small causes court, make a denounce to some government agency)
to get compensation.

The real problem on public outlets is with data attacks, not power. If I can
set my phone to ignore all the data at the first hardware level, and it is a
simple enough level that no attack is viable (that second one being a large
"if"), then there is no large problem anymore.

~~~
userbinator
_The real problem on public outlets is with data attacks, not power. If I can
set my phone to ignore all the data at the first hardware level, and it is a
simple enough level that no attack is viable (that second one being a large
"if"), then there is no large problem anymore._

My old no-name Android phone (not USB C) has such an option, and searching
around it seems to be a reasonably common feature, although not present on all
devices. It looks similar to this (mine has the same typo, "USB fuctions"):

https://farm8.staticflickr.com/7485/16035739946_51d110ea40.jpg

In charge-only mode it doesn't even enumerate as a USB device when plugged
into a computer with an active USB controller, so I suspect no attacks
(besides physical ones like overvolting as others here have mentioned) are
possible in this mode --- the USB controller on the device is completely
disabled.

~~~
ardy42
>> If I can set my phone to ignore all the data at the first hardware level,
>> and it is a simple enough level that no attack is viable (that second one
>> being a large "if"), then there is no large problem anymore.

> My old no-name Android phone (not USB C) has such an option, and searching
> around it seems to be a reasonably common feature, although not present on
> all devices.

I use one of these. The nice thing about the newer versions is that you can
verify the impossibility of a data connection through easy physical
inspection.

https://www.amazon.com/PortaPow-3rd-Data-Blocker-Pack/dp/B00T0DW3F8

~~~
geofft
The problem with that is you also block the pins needed to negotiate power
delivery over USB C, so you're limited to 10 W (5 V * 2 A). Laptops that use
USB C for charging use C and not micro-B precisely because they need more
power than that.

------
kiddico
I'm torn with USB-C. We're finally getting some cool additions to the most
used standard (though I don't know if I like this one), but at the cost of
fragmenting it to the point that it's not so much a standard anymore.

USB-C inconsistency on the hardware side of things has been a meme by itself.
With this addition sometimes when you plug a device in it might not work
despite being the exact right device/port combination (which would be a
miracle on its own even in the current environment.)

I don't know. Maybe in 5 years when we've glued on all the stuff we want from
this connector things will be okay. In the meantime though it's chaos.
Committee approved chaos.

~~~
jwr
I've come to believe that USB-C is a mistake that we will all regret.

USB-C enthusiasts are (from my experience) people who haven't really used it
much and think that they will be able to get around with a single cable and a
single connector standard.

People who actually tried to use it for a number of things quickly realize
that USB-C is just the name of the physical connector, which has nothing to do
with what the device supports, which in turn has nothing to do with what the
(unlabeled!) cable supports. There are no standards for labeling devices or
cables, so you quickly end up in a world where you have a bunch of cables and
devices all using a single plug, but you have no idea which device will work
with what. I daresay this is a _worse_ situation than having multiple types of
plugs and cables, because at least then you could set reasonable expectations.

Add to this the fact that there are no reliable hubs for USB-C connectors, so
you're basically stuck with what your laptop/computer offers, unless you want
to live in a world of crappy unreliable hardware (I don't).

~~~
coldtea
> _USB-C enthusiasts are (from my experience) people who haven't really used
> it much and think that they will be able to get around with a single cable
> and a single connector standard. People who actually tried to use it for a
> number of things quickly realize that USB-C is just the name of the physical
> connector, which has nothing to do with what the device supports, which in
> turn has nothing to do with what the (unlabeled!) cable supports._

Well, I'm using it for my monitors, soundcard, power, iPhone/iPad charging,
Sony headphones, and external hard disks.

What exactly am I missing from the whole issue, since I don't seem to be
having any problems?

Can it be fixed by not buying crappy cables?

~~~
hahabrew
the problem that ^can^ occur is drawing overcurrent. usbc is supposed to
support higher power demands, and if your usb port can't pass the current
because it's made of components too fine/resistive for the current being drawn,
then {P@FF!}

~~~
kevin_thibedeau
PD hosts are required to monitor and limit current draw. Any magic smoke
released is the fault of the host device, not the peripheral that tried to
draw too much current.

~~~
hahabrew
that's what i mean, and when they don't limit current draw because despite being
required to the design is cheaper faster not better, then that's it. you get
heat at the highest resistance so port gets very hot and undervoltage beyond
that resistance, so device gets wonky, unless it is regulated, to prop up the
voltage

------
nimish
Will most likely lead to Nintendo Switch style situations where the physical
port is USB-C but in actuality it uses a proprietary charger. Now they can
lock out third party docks/chargers.

Not a great situation.

~~~
zokier
It is not like you couldn't do crypto handshakes before this if you wanted to
lock down your system. Now it is just standardized.

~~~
opencl
HP at least was already doing it on their laptops. Though at least some models
later disabled the lock with BIOS updates.

~~~
singlow
My HP Spectre won't charge from non-HP usb-c chargers in Windows; or, at
least, it complains and says it won't charge. I haven't tested whether it
actually draws current or not since I only booted it once in Windows. However,
in Linux it charges fine at full-speed from non-HP charger with appropriate
wattage. It will not charge at all from several chargers that don't have the
necessary 90W capability.

------
xte
Ah, ok... I'll wait to see something like:

"hey this is a Samsung USB-C cable, you can't use it. Go buy an LG's one. They
are exactly the same except for authentication but we can't trust it otherwise,
it's for your safety!"

Then I'll wait for a crying herd of fanboys that proudly try to justify it
well pushed by marketing sheepdogs in disguise...

~~~
baroffoos
Same kind of justifications that get made for Apple stuff: "Oh you can't replace
the screen because we are protecting your security" even though the replacement
screen came from another iPhone.

------
thefounder
This is DRM and planned obsolescence all day long...just like with HDMI/HDCP
it will make users' lives a pain not to mention more expensive. I'm sure all
the vendors are happy to advance new authentication schemes every year (i.e.
like HDCP 1.0, 2.0, 2.1) and resell you the same devices.

------
kevin_thibedeau
> Malware delivered via USB is suspected to be the root cause of infection
> behind the Stuxnet virus...

Not exactly top notch reporting here. It is the OS's responsibility to lock
down access to I/O resources. Stuxnet was caused by the insecurity of Windows
Autorun, not USB.

------
amluto
The article seems to claim that this will protect against malware on USB
sticks. This is, obviously, utter BS.

Also, unless literally every “trusted” USB-C device has its key and its core
functionality on a secure chip, the bad guys will just compromise a signed
device and make it malicious. As far as I know, many, many USB devices can
have their firmware replaced with no authentication whatsoever.

~~~
Spivak
It's not perfect by any stretch but I do like the idea. One problem we have in
environments with strong security requirements is that peripherals, typically
USB sticks, need to be authorized and controlled. Since there's typically very
little information to actually uniquely identify devices, far too many USB
devices have the same serial number, we end up having to just ban them
altogether.

I welcome the world where machines trust my CA and someone who wants a USB
device just comes to me, signs the paperwork, and leaves with a signed device
that suddenly just works.

I mean pushing the security boundary to "someone with the knowledge to flash
USB firmware without corrupting the certificate" is pretty darn good.

~~~
amluto
> I welcome the world where machines trust my CA and someone who wants a USB
> device just comes to me, signs the paperwork, and leaves with a signed
> device that suddenly just works.

Digicert surely welcomes this world! I personally don’t expect Digicert to
have any real controls at all.

Also, right now, to put malware on a USB stick, you can just write malware to
it. To create a USB stick that has malicious firmware to attack the host
drivers, you need a USB stick that doesn’t protect its firmware or you need to
build your own. In the new world, this changes to, drumroll please, a USB
stick that neither protects its firmware nor wipes its key when new firmware
is uploaded. Or you can build your own and pay Digicert, or you can attack a
machine that doesn’t bother validating the signature because it wants to
retain compatibility with the billions of existing unauthenticated USB sticks.

Also, if devices need per-device keys, then I suspect that firmware upload
won’t wipe the key, since otherwise firmware upload mostly breaks the security
model unless some rather complicated checks on the firmware upload process are
done.

USB-C devices are _cheap_ , and they’re made by tons of vendors, many of whom
know about voltage conversion but not security. Heck, most of these vendors,
even big names like Nintendo, can’t even be bothered to speak the protocol
correctly.

------
kevin_b_er
This smells like a profiteering move for DigiCert. Now you need yet another
company's blessing to make hardware. A non-universal serial bus this is
becoming even quicker.

------
nixpulvis
I'm starting to think that merging the power and data connections was a REALLY
bad idea... Sometimes all I want to do is wire up something to a battery and
some resistors to at least get me online long enough to send something
important. Unless I'm missing something, that's getting harder and harder
every revision.

EDIT: Yea, I know I'll probably cause some amount of damage in the process.

~~~
bscphil
I have to agree. The fact that people have had devices destroyed by badly
designed cables and chargers is proof enough. I keep my laptops for years
after the manufacturers have stopped selling replacement parts. With older
Dells at least this means buying replacement batteries and AC adapters on
eBay, and they're usually China-made generics not Dell originals. I have never
had a problem with this mess of different products together; pumping five amps
into one of my data ports knowing people have fried motherboards doing that
scares me.

~~~
Dylan16807
> The fact that people have had devices destroyed by badly designed cables and
> chargers is proof enough.

No it's not! Badly designed cables and chargers have been damaging devices via
power-only ports for decades.

------
karmakaze
The ideal solution from the vendors' perspective is to have a single hardware
standard with this standardized method of making compatibility vendor specific
so that we have the situation as with lightning cables but with cheaper
hardware costs. A standardized incompatibility standard.

------
nimbius
Speaking as an automotive mechanic by trade who just got into GPG and
letsencrypt this week, what application does this have?

I guess another question is, why did we need "secured" x509 USB? who's pushing
this standard?

For example, the Porsche 911 comes with single lug wheels...they're exotic
enough to take their own special wrench, at four hundred dollars, for no real
reason other than 'racecar.' you'll never race it at speeds where this F1 class
hardware matters, but hey, racecar.

~~~
est31
You might be able to use it to prevent BadUSB-like attacks. Something looks
like a USB stick with data on it, you plug it in. The device tells the
computer that it's a keyboard and sends keypresses to install some virus or
something. [1]

I don't know about the particulars of this standard though, maybe it's just
some DRM thing and soon you'll have to buy expensive dell mice for dell
laptops or something like it's already the case with gamepads and consoles.

[1]: https://srlabs.de/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf

~~~
dcbadacd
In addition to any software (especially semiconductor vendor's) being
additional attack surface, if you already have connected your device to
something it could have already caused damage (Nintendo Switch situation, USB
Killers and etc.), not even considering "trusted" devices being faulty. The
only thing this provides is DRM.

------
rkangel
This article says that the USB-IF "is going a step further" with this
cryptographic authentication, which isn't quite right.

The 'I trust this device' system allows confirming that _you_ trust the
device. This crypto confirms that the USB-IF trust the device (and presumably
all they are asserting is that the device conforms to standard).

It's an interesting idea, and not a bad one. That's assuming the certificate
system is sound which I remain sceptical of until I know more, given the
normal issues with managing a single unrevocable private certificate.

------
SlowRobotAhead
> The authentication program relies on cryptography to validate and digitally
> sign USB Type-C devices with _128-bit security_.

Seems... low, esp for an offline device that you can get hands on both sides
of. How many chargers are going to use as cheap a micro as possible for this?

Also, adding an encryption layer and further fragmenting - does have the
benefit that Apple may make iPhones with TypeC connectors... so, hooray?

------
angry_octet
@aionescu:
[https://twitter.com/aionescu/status/1080573780743749632?s=09](https://twitter.com/aionescu/status/1080573780743749632?s=09)

Why did they have to go down the 'trust' rather than 'distrust' route? It is a
completely different universe from the principle of least privilege.

------
akerro
Will this allow Nokia phones to be charged or set as tethering only on Windows
and iPhones only on Macs?

------
hanniabu
Seems like this might be able to be used to charge a fee to charge your phone
with public ports.

------
Havoc
Isn't it already crazy complicated?

------
exactly
Brace yourselves for the next UEFI Secure Boot " _Improvement_ " bonanza, and,
of course the accompanying Stuxnet backdoor.

Just like Spectre/Meltdown: half of all people will just shrug, completely
unsurprised, when the inevitable zero day drops. And the split between those
that find the sky falling, will be the clueless and the plants. Whatever.

------
James_Owens_69
I don't own any USB C devices and I don't know anyone who does. Let this meme
die please. That crap ain't universal.

