USB-C Authentication Spec Could Save Devices From Bad Cables
Late last year, Google engineer Benson Leung, part of the team that worked on the Pixel C, went on a crusade to scour Amazon for USB Type-C cables and test them for safety. The results were discouraging, even leading to the irreparable damage of one of Leung's computers. Taking note of the dire situation, the USB 3.0 Promoter Group, who developed the standard, are now proposing a new USB Type-C Authentication protocol that will protect such devices from the dangerous effects of poorly and incorrectly designed, as well as insecure, Type-C accessories such as cables and chargers.
Given the ubiquity of USB cables, one might presume that you can use any accessory or cable that advertises itself as USB-C compatible. However, considering how new the standard is, some are bound to get things wrong in the haste to generate profits. And when electricity and data are concerned, those could have dangerous consequences.
Leung knew that in theory but finally proved it to the public last February. A USB A to C cable that didn't carefully follow the Type-C spec and miswired the cables practically fried an important part of Leung's Pixel C, rendering practically useless. Following this incident, Amazon would ban Type-C cables that didn't correctly follow the standards in order to protect unsuspecting buyers.
The USB 3.0 Promoter Group is taking things a step finder and implementing safeguards right inside the USB 3.0 specification. To summarize, the Authentcation protocol will use cryptography in order to identify and authorize USB devices, be it cables or chargers or flash drives. Device makers can, for example, implement a policy that devices will only accept power from certain certified chargers only. Companies can even set similar policies for data storage, blocking USB drives from establishing data connections.
While also for the safety of consumers, the move could also be seen as favoring OEMs at the expense of third party accessory makers. An OEM, for example, could simply disallow any charger or cable that it didn't itself create. It is, perhaps, a bit too early to jump to those conclusions and it will all depend on how the protocol will be implemented and accepted by manufacturers.