USB Implementers Forum (IF) has announced its type c security authentication program to fight malware.
The type c authentication program aims to reduce the risk of hackers exploiting USB ports to install malicious software.
The program supports 128 bit cryptographic security and will introduce a standard protocol for authenticating certified USB type-c chargers, cables and power sources as well as support for the authentication of USB data bus or USB power delivery communication channels.
The new comes after Google confirmed that Chrome OS will feature a ‘USBGuard’ option that will block USB port access to new USB devices being plugged in while the Chrome OS device is locked.
Both of these security measures are designed to prevent ‘rubber ducky’ attacks: keystroke injection tools disguised as generic flash drives that tell the OS that they are a human interface device (like a keyboard).
Once inserted into a USB socket,, ‘rubber ducky’ devices can inject pre-programmed keystroke commands and deliver malicious commands and malware to unsuspecting devices.