Apple wants to make it harder for its customers to use cheap USB-C cables — and it’s for your own good.The risks of USB-C cablesCables are complicated
Apple wants to make it harder for its customers to use cheap USB-C cables — and it’s for your own good.
The risks of USB-C cables
Cables are complicated, and that’s why friends don’t let friends connect cut-price or otherwise unverified USB-C cables to their systems — and soon, you won’t be able to.
Apple has warned its users to avoid using low-quality equipment for years. It was only in 2016 that it was revealed that hundreds of chargers at that time sold on Amazon and advertised as being made by Apple were in fact dangerous fakes.
These fakes were likely to cause electric shock or burst into flames if exposed to high voltage, typical in the event of a power surge.
Not only might cheap cables be poorly made and liable to accidentally damaging your device or setting themselves on fire, but there are other risks.
Modified cables are also sometimes used as an exploit attempt by hackers eager to install malware inside of your devices. That’s even before we look at systems that use USB to penetrate device security to steal your data, or USB thumb drives used as exploits in organised attacks against key infrastructure.
With so much enterprise and personal data stuffed inside our devices, most right-thinking people will want to protect themselves against any of these threats.
So, it seems, do the manufacturers, with Apple and other members of the USB Implementer’s Forum (USB-IF) announcing plans to introduce a USB-C authentication program they hope will help protect us against these risks.
How does USB Type-C authentication work?
The USB Type-C Authentication Program is a scheme in which computers, smartphones, and other “host systems” will be able to identify USB-C cables that don’t meet the grade.
When in place, it will work like this:
- You plug the cable into your device.
- The system scans the cable to confirm it complies with the restrictions of the scheme.
- If the cable does not comply, then it just won’t work — data won’t be transferred between the cable and the host system.
- Alternatively, power may be transferred but data will not be. Power transfers may be peaked at a lower level to protect against overheating if using an unauthorized charging system, for example.
- This protection will extend across cables, connected devices and chargers.
What’s really important is that this protection is put in place before any power or data is exchanged between the systems. The certification authority is DigiCert.
What this means for enterprise users
Enterprise users know their data is at risk.
Data stacks are driving infrastructure, proprietary data collections will drive future business opportunity, and recent events have underlined how these collections of information can be abused to create incredibly difficult to fix problems.
Getting hold of that information is a big business — all three of the following attack vectors will have been exploited in order to access data — either by injecting malware to gather data and send it back to a central command server or to penetrate device security in another way.
- USB power points in airports and other public spaces
- USB devices, including USB keys
- USB used as a route into devices to get to the data they contain
The USB-IF decision is a big step toward ensuring your valuable enterprise data is not stolen, damaged, or subjected to ransomware as a result of those types of attacks.
Apple already does something like this.
iOS 12 introduced a new feature called USB Restricted Mode. You control this feature in Settings>Face ID & Passcode in the Allow Access When Locked section using the USB Accessories tool.
In part, Apple’s decision to introduce these controls reflects its crystal-clear commitment to privacy in a connected age.
That’s the same commitment that means it is developing AI solutions that work at the edge, on your device.
However, it’s a commitment that is also driven by all the many instances in which systems have been damaged or in some cases, fires started through use of poor-quality cheap recharging systems.
I doubt there are any manufacturers that want to be seen as responsible if someone is hurt or their property damaged because the device they were charging caught fire because its power adaptor was unsafe.
Running backwards to stand still
What is interesting about this pan-industry initiative is how much it reflects that after a certain amount of time, players in any industry are forced to expend increasing quantities of resources securing their existing perimeter simply in order to stand still.
That’s the nature of most empires, of course: They reach a point at which they can no longer manage and finance their own expansion, at which time they must begin to contract. History shows us this tends to be how things work.
Meanwhile, initiatives like this one should help make most of us feel a little more secure that some technology companies care enough to invest in helping us keep our data safe.
We should probably ignore the ones that don’t care about this.