Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Hardware

Free Software Will Help Detect Faulty and Malicious USB-C Cables 113

Reader Mickeycaskill writes: The USB 3.0 Promoter Group, of which HP, Intel and Microsoft are members, has developed authentication protocols for USB-C and will offer free software to detect faulty or malicious cables.This tool will alert users if they are using a non-authenticated cable. It has been suggested that hardware manufacturers could ship devices with an authentication system already installed. It is hoped that the specification will help end a number of recent incidents where sub-standard cables have either ripped off buyers or damaged devices. Most recently, Amazon said it would be adding USB-C cables and adapters that do not comply with standard regulations to its list of prohibited electronics items.
This discussion has been archived. No new comments can be posted.

Free Software Will Help Detect Faulty and Malicious USB-C Cables

Comments Filter:
  • Apple can use this to lock in
    $20-$30 cables
    $30-$50 USB3 TB / MINIDP to DVI / VGA / HDMI.
    $20 USB3c to USB.
    $30 USB3 to GIG-E.

    • Apple already has a hardware-based authentication baked into the MacBook that supports USB-C, so this software-based approach won't really change anything for them. All it may do is help USB-C become more widely-adopted, which is something we should all want, given the benefits it provides over its predecessors.

      As for Apple making ridiculously expensive dongles and adapters, they'll do that regardless of any sort of lock-in. Just look at Lightning cables. You can buy MFi (Made for iPhone) Lightning cables f

      • by Lumpy ( 12016 )

        Significantly more?

        http://www.amazon.com/s/ref=nb... [amazon.com]

        Apple cable $7.50
        Amazon Basics cable $7.99

        I love it how you apple haters make up shit to try and prop up your hate.

        • by Anubis IV ( 1279820 ) on Wednesday April 13, 2016 @12:09PM (#51901017)

          You're factually wrong on so many counts that it's not even funny.

          A) The cables you're comparing are different lengths. 1m for the "Apple" cable [amazon.com] vs. 2m for the Amazon cable [amazon.com]. No wonder it's cheaper.

          B) That "Apple" cable is being sold by a third-party [amazon.com] via Amazon. Apple doesn't sell a single one of their products directly via Amazon. Buyer beware.

          C) To compare apples to Apples, an actual 2m Apple cables [apple.com] costs $29 ($19 for 1m), not the $7.50 you suggested it was.

          D) If you want to whip out your Apple e-peen to see if it's bigger than mine, I'd wager good money I have you beat. Macs have continuously been my primary computers since the late '80s. A Mac Classic, Performa 400, PowerMac G3 300, Titanium PowerBook DVI, HiRes Aluminum PowerBook, 2008 Mac mini, 2011 Mac mini. My wife uses them, my parents use them, my siblings use them, and my wife's siblings and parents do too. Likewise for phones and tablets: iPhone 3G, iPhone 4, iPhone 5s, iPad 2, and iPad Air 2. I could list off Time Capsules, Airport base stations, and other accessories too, if you'd like.

          I use Apple products on a daily basis and absolutely love them (we're planning to buy an iPhone SE this weekend, in fact, assuming they're in stock), but there's no (sane) way to deny that actual Apple dongles and cables are far more expensive than their generic counterparts. It's no different than the advice we'd give people about BTO RAM upgrades: do it yourself after buying from a third-party.

          So, as someone whose love for Apple likely runs far deeper than yours: stop with the lies and misinformation, since it makes us all look like we have no clue what we're talking about.

        • the Amazon cable is twice the length.

    • Er what? You do realize that Apple already owns the patents and designs to their own Lightning cables right? As such they can change whatever they want for their own cables. You also realize that USB C is an industry standard controlled by consortium company that Apple does not own as well, right? How they hell can Apple lock in someone else's standard, again? Sure Apple can charge $20 for USB-C cables like Monster charges $100 for an HDMI cable but that does not make it a lock-in.
    • I must remember to ask the wife if she has powered up the iPad we were given last year. I certainly don't want to give them my credit card details for that, and I don't think she could handle the user interface.
  • Why bother to name those particular three?

    • by Anonymous Coward

      They probably paid the most for the press release

  • by Anonymous Coward

    'Non-authenticated cables'?! what dystopian hell have I awoken in?!

    • You are aware of the work of Benson Leung [androidpolice.com], a Google engineer who has been doing his own testing on USB C cables and found many of them do not meet the standard specifications and are considered dangerous. He himself fried his computer trying to test them as a sign of how bad the problem is today.
      • Yes... but. (Score:4, Interesting)

        by neurojab ( 15737 ) on Wednesday April 13, 2016 @11:24AM (#51900635)

        There have been bad cables out there that put in the wrong spec resistor or are otherwise mis-wired. However, I don't agree that "authenticating" the cables is the answer. The word "authentication" implies that there will be key exchanges involved, which puts all the pieces into place for vendor lock-in (i.e. LG devices only charge with LG certified cables, etc... ), not to mention additional cost and complexity. I for one already have a selection of USB-C compliant chargers and cables (yes, using Benson's spreadsheet). Will those be accepted by new USB-C devices supporting this specification? Will there be a supply of cheap USB-C cables that support this "authentication" AND work with every device vendor? I doubt it on both accounts. I prefer Benson's approach of shaming the vendors that don't follow the spec.

        • There have been bad cables out there that put in the wrong spec resistor or are otherwise mis-wired.

          Um no. Some of these cables are just poorly made and do not pass the USB C specification but may say that they do. Just remember Apple had to address counterfeit chargers a while back.

          The word "authentication" implies that there will be key exchanges involved, which puts all the pieces into place for vendor lock-in (i.e. LG devices only charge with LG certified cables, etc... ),,

          Why would you think that? DVD movies are authenticated and do not involve vendor lock-in or key exchanges. Remember this is USB not LG proprietary cables. Can this system be defeated? With 128 bit security, probably, however the point it to raise the bar of manufacturing so that cheap knock-offs are not likely.

  • by YesIAmAScript ( 886271 ) on Wednesday April 13, 2016 @10:47AM (#51900265)

    People get tired of USB being affordable and pine for a more Firewire-type system?

    Why are we hoping for authenticated cables?

    • My thoughts exactly. What we actually need is cheap hardware testers, available at any store so the consumer can test the cables before bringing them home. Online stores could state more confidently their cables were actually tested too.

      • The hardware testing functionality could be added into the actual devices that use the cable. So you plug in sketchy cable X and your device measures performance and rejects using it.

        Instead, this is sounding more like a whitelist deal.

        • It doesn't justify the cost... you only need to test the cable once, when you're buying it. If your work involves dealing with lots of cables, then buy a tester.

    • by tlhIngan ( 30335 ) <slashdot&worf,net> on Wednesday April 13, 2016 @11:25AM (#51900643)

      People get tired of USB being affordable and pine for a more Firewire-type system?

      Why are we hoping for authenticated cables?

      It's not really DRM. The "authentication" information is more an informational block - like EDID in monitors, SPD in memory modules and such.

      The reason is it allows for smarter management. A USB-C charger can provide up to 100W of power, but you need some way of telling the device that it's available, and the current methods are generally quite... crappy. But you also don't want to have the charger implement a full USB stack. So you implement this mechanism and it tells you how much power you can draw. And if you use a crappy USB cable that doesn't put in the resistors correctly, you could detect that as well and charge at the agonizingly slow rate, while displaying a dialog to change the cable to a certified one because it's wired incorrectly.

      Basically this whole thing stemmed from that Google guy reviewing all the USB-C cables out there, and finding a huge number of them were pretty awful and resulting in crippled charger performance, if the devices could charge at all.

      It's less about tying products and accessories together and more about being able to tell the user that the $1 USB-C cable they bought is incorrectly manufactured and to expect problems like slow charging or slow data transfers.

      • The whole thing stemmed from the standards body, creating a USB 3.0, AND a USB 3.1 Spec, along with Cables being allowed to only conform to select parts the USB 3/3.1 spec, along with the Lightning Cable coopting the USB 3.1 form-factor, The non-full spec cables will have an icon or two different on the box (if it even has a retail box) and will be visually indistinguishable from cables that actually implement the whole 3.1 spec also indistinguishable to 3.0 cables that fully implement the 3.0 spec.
      • We see thumb drives with firmware written to lie about their capacity and throw away data. Why would we expect this to not be spoofed? And how is software going to validate a cable without it being plugged in -- at which point the damage may have already been done?
    • by Nemyst ( 1383049 )
      This isn't about DRM, it's about having a cable that respects the spec. When the spec was low-power, low-risk (like USB2), it wasn't that bad to have a bad cable, but USB3 can deliver over 100W. A bad cable can start fires.
    • It's not DRM. Cables that support the more advanced features of USB-C (such as super speed, alternate modes, high power delivery levels etc) have a small microcontroller inside them which informs the host about what the cable is able to do. This is not required for cables that only support USB low/full/high speed. If this was not present, then a host can't decide whether the cable connecting it to the device is going to fry if it sends 50W of power down it. But the cable just reports and ID and capabilities

  • For me, this currently seems like a joint venture of trying to get cheap competition out of the market: you must join the cartel in order to be "certified", but once you are, you can do what you want.

    There is no additional protection for the user who doesn't trust that cartel.

    What about not auto-mounting a smartphone? You don't need to mount anything when you connect to a charging device. Also helps if you connect your smartphone to a stranger's computer to charge it.

    You would still need encryption if you i

  • Mallicous? (Score:2, Insightful)

    by Virtucon ( 127420 )

    So the cables are deliberately causing fault or do you mean the manufacturers? It's hard for me to believe than an inanimate object has malicious intent.

    • Pedantic isn't us?
      • Well I'm talking specifics. I mean the next thing I'll read on slashdot is that "USB C cables leap out of drawers and strangle their owners"

        That would be malicious and a boring sci-fi story. Wait they made two sharknado movies, never mine.

    • So the cables are deliberately causing fault or do you mean the manufacturers? It's hard for me to believe than an inanimate object has malicious intent.

      Or maybe it wasn't the manufacturers but the designers, or maybe the transport company tampering with them, or maybe the warehouse opening them up and modifying them, or maybe the store deliberately causing fault...we must ensure all bases are covered because otherwise nobody will be able to understand.

      • Probably the controllers embedded in the cable will have eeprom elements that are vulnerable to cosmic rays, and also subject to the medium-term 'eprom alzheimer' issue that older eproms have.

        So your cables will die in a decade or so.

        Wonderful. Not that it matters, of course, because who would be dumb enough not to pitch out their tech gear every two or three years, right?

        • Probably the controllers embedded in the cable will have eeprom elements that are vulnerable to cosmic rays, and also subject to the medium-term 'eprom alzheimer' issue that older eproms have.

          And who could be responsible for that? Better add them to the possible "malicious" parties, wouldn't want anybody getting confused now.

  • Comment removed based on user account deletion
  • What problems do non-authenticated cables cause?
  • by Lumpy ( 12016 ) on Wednesday April 13, 2016 @11:05AM (#51900429) Homepage

    when you cables need to be "authenticated"....

    Honestly, Everyone bitches about Apple, but the rest of the world is doing the same fucking thing, my cable should not have to authenticate to anything. and should just contain plastic, metal connector pins and copper wires to take it to the other end.

    • by Ksevio ( 865461 )
      Maybe if it's just carrying basic signals, but usb type c is designed to do a lot more so you may not know the capabilities of the host or connection. While it's designed to carry 100w of power, you may want a cable just to connect a webcam that could be a bit thinner and cheaper. You wouldn't want to burn out your cabling by plugging that into a wall. Sure you can hook up a VGA cable, a serial cable, a couple PS2 cables, a parallel port cable, and a DC power adapter - but wouldn't you rather just have o
      • Yes, I just want one cable type. Preferably it will be made with stranded 10 gauge copper wire, so that it can not only carry data, but also immense amounts of power. And the universal plug might be a 1 x 3 inch rectangular nightmare, but it will do anything we want.

        • by Ksevio ( 865461 )
          That might be great for hooking your desktop PC to your VCR, but modern electronics are small and require small cabling and small connectors
  • Proprietary, vendor-approved cables only?! Take My Money!!!
  • by Anonymous Coward

    to save a couple cents worth of clamping diodes and fuses per USB port...

  • Is it worth it? (Score:5, Insightful)

    by Hentes ( 2461350 ) on Wednesday April 13, 2016 @11:14AM (#51900531)

    USB has become succesful because it was cheap and simple to use and cheap and simple to manufacture. It seems to me that USB-C is getting further and further away from that by the day. Maybe different use cases require different solutions, maybe there is no such thing as a 'one universal cable' that can combine the advantages of all the others without the disadvantages. It seems like USB just wanted to replace lightning on Apple stuff, and does not care about PC users who don't have a fortune to waste on a piece of wire. Which is not even just wire anymore, it contains its own electronics, losing all the elegance and simplicity tha made USB great.

    • Yes, it probably is.

      I have been developing on the embedded side of USB since V1.1. The reality is that the protocol has been remarkably successful because it was designed reasonably well right at the start. This meant that each successive extension to the standard was able to do so in a way that preserved backwards compatibility with older standards. The benefit of this now is that if you don't want the new features of USB-C (super-speed, power delivery) then upgrading your device to USB-C is as easy as cha

  • How useful is this? It seems like it would lock out competing low-cost cables while not dealing with the really bad ones. If a cable has a fault which will fry your computer/port, software isn't going to help much by that point.

    A hardware device might work better.

  • Just, no. (Score:4, Insightful)

    by freeze128 ( 544774 ) on Wednesday April 13, 2016 @11:22AM (#51900607)
    No. No, no, no!

    The *LAST* thing we need is a USB cable with active components in it. It's almost bad enough that some charging cables have a small resistor in them, because now there are a million different standards of them.

    Also, if the ground and power wires are swapped at one end like the cable that killed the chromebook of that google employee, then no software is going to help at all. As soon as you plug it in, it will already have damaged your hardware.

    Here is what we *DO* need: USB cables that are transparent so you can SEE the colors of wire going to the pins of each connector. *THIS* is what will prevent damage due to bad cables. Your "software" is not needed, and wouldn't help anyway.
    • Here is what we *DO* need: USB cables that are transparent so you can SEE the colors of wire going to the pins of each connector. *THIS* is what will prevent damage due to bad cables. Your "software" is not needed, and wouldn't help anyway.

      Or... you know... purchasers who aren't going for $.03 "USB3c 15ft MAXBESTDEALYOUBUYAWESOMESAUCE!" By and large, if you buy from reputable distributors, this is a non-issue.

      • Or... you know... purchasers who aren't going for $.03 "USB3c 15ft MAXBESTDEALYOUBUYAWESOMESAUCE!" By and large, if you buy from reputable distributors, this is a non-issue.

        I agree that ridiculously cheap cables are probably no good, but that by no means guarantees that a more expensive cable will be better. Amazon, with all its various marketplaces does a good job obfuscating exactly whom I'm buying from, so it's hard for me to even tell what choice seems the most reputable. So at this point, it's still feeling like an informed gamble.

        I think this will naturally change as USB-C becomes more popular. The good cables will be well-rated, and show up more prominently in search re

    • The *LAST* thing we need is a USB cable with active components in it.

      We already have those. All USB-C cables have a chip in them.

      It's almost bad enough that some charging cables have a small resistor in them, because now there are a million different standards of them.

      Nope. There's precisely ONE current standard, BC1.2. The fact that some manufacturers choose to ignore that and do their own thing does not make it a standard.

      Also, if the ground and power wires are swapped at one end like the cable that killed the chromebook of that google employee, then no software is going to help at all. As soon as you plug it in, it will already have damaged your hardware.

      That's not the issue. That's just the single worst case. There are hundreds of cables on the market which don't meet the required signalling spec. That is what this software is chasing.

      Here is what we *DO* need: USB cables that are transparent so you can SEE the colors of wire going to the pins of each connector. *THIS* is what will prevent damage due to bad cables. Your "software" is not needed, and wouldn't help anyway.

      No that is NOT what we need. In fact what we need is manufacturers to be held to some testing standard. What

  • It isn't even widely adopted yet, and it's already causing a massive clusterfuck.

    Why did they have to make the standard so stupidly complicated? What were they thinking?

  • If "cables" are going to have authentication chips and whatnot inside them, they're not really just cables any more, are they? They're more like a third device to put between two other devices.

    Do they really have to be so much more than just a certain number of pins in a certain pattern connected to the same at the other end by conductive material?

    • It's not an authentication chip. It is just a chip that reports what the cable can do. If they didn't do it this way you would either have to design every cable to be able to deliver 50W of power and superspeed channel buffers, or you'd have to come up with a different scheme - such as the variable resistor values used before - to indicate what the cable can do. This also gets complicated fast, and is not easily extendable in the future. The active cable protocol is quite simple, and makes the whole system

    • by jrumney ( 197329 )
      The problem is that as charging currents and data rates have increased, it is no longer sufficient to just have a bunch of thin wires twisted together connected to some pins on a standardised plug. The data wires need to have the right capacitance between them, and the power wires need to be able to handle the current that is flowing over them as your phone is high-speed charging.
  • High Power Issue (Score:4, Informative)

    by foxalopex ( 522681 ) on Wednesday April 13, 2016 @12:21PM (#51901117)

    I think a part of the problem with USB-C is that it can handle up to 100 watts of power delivery! If your cable is of questionable quality or has issues, messing up 100 watts of power can definitely break things or cause a fire. I think amazon decided to go the safer route instead of destroying equipment or causing fires.

    • I think a part of the problem with USB-C is that it can handle up to 100 watts of power delivery! If your cable is of questionable quality or has issues, messing up 100 watts of power can definitely break things or cause a fire. I think amazon decided to go the safer route instead of destroying equipment or causing fires.

      Exactly! For just about any other type of digital cable, if I get a dud, the worst case scenario is, it simply won't work. That means it's pretty safe for me to buy the cheapest HDMI or micro USB cable I can find, knowing that if it doesn't work, I can always return it.

    • No the problem of USB-C is tighter spec requirements. The power delivery requirements is only a small part of the failures that have been noted which include problems with the signalling, impedance, and shielding as well.

      As speeds go up and sizes go down things start getting closer and closer to not working. Take a look at a typical USB hub. Especially the ones with single sided PCBs. Take note that it's impossible to actually meet the impedance requirements of the USB 2 spec let alone USB 3 when using surf

    • Then this is an issue for UL, not the tech companies. Just slap a sticker on the cable that tells me how many watts it is rated for. Also, all the complaints were about Type C cables "frying" electronics. How does that even happen unless there just plain wiring mixups? Cable authentication can't stop that problem cause it happens right when its plugged in!
  • If computer stores could buy a good, reliable cable tester - one that that tested the actual hardware for compliance with the actual spec - for under $100, it would make a great marketing tool.

    • Part of the hardware tester could be built right into the devices the cable is used with. Line drop is fairly trivial to determine by comparing voltages at either end of a cable. So the cables that are going to start fires will have a high line drop, the devices interconnected will determine this, and refuse to use the cable.

      That's too complicated, though, and it doesn't encourage proprietary barriers. Everybody knows vendors make all their party money on cables and accessories.

  • i can't wait until best buy starts selling high quality 3' 1000$+ usb cables. google "expensive hdmi cable best buy" if you really are unaware.
  • The only thing I want in a CABLE besides wires and insulation and maybe a matching transformer or other "if it's not there it won't work" things are safety systems, such as a fuse or idiot-proof/keyed endings/pinouts.

    If it's got anything else, it deserves a title more glorified than "cable." Maybe "adapter" or "connector" or "extender" (think USB-2 extension cables with button-batteries in them to boost the signal) but not a lowly term that implies simplicity like "cable."

  • ... will offer free software to detect faulty or malicious cables.This tool will alert users if they are using a non-authenticated cable.

    A non-authenticated cable isn't necessarily faulty or malicious. I was hoping when I saw the article that the software would do actual analysis and measurement of said cables. Like run traffic or power through them and determine performance.

    It doesn't matter one bit if said cable is 'authenticated.' So this is just more DRM shit cloaked as something 'free' and helpful.

  • > Free Software Will Help Detect Faulty and Malicious USB-C Cables

    Reading the article, I see no relation with "Free Software" mentioned and "Software Freedom."

    May be deliberate as how media changed the meaning of "Hacker."

Ummm, well, OK. The network's the network, the computer's the computer. Sorry for the confusion. -- Sun Microsystems

Working...