USB C has been adopted by Apple on their new MacBook and Google on their new Chromebook Pixel laptops. USB C has benefits that make it ideal for lighter and thinner laptops. The benefits include transfer speeds of 10 Gig per second and you can also use it to plug in your charger to recharge your battery. Whilst all this sounds good as it means you can have less ports on your laptop resulting in a thinner lighter laptop it also leaves you with two major security headaches, BadUSB and Borrowed Charger attack.
BadUSB was revealed at last year’s Black Hat security conference and 2 months after that the source code for it was revealed on Github. BadUSB is where any USB device attached to a computer can be be reprogrammed so that they can spread malware, masquerade as another device or even rewrite the firmware of other attached USB devices
Borrowed Charger Attack was revealed by The Verge last week and it’s where a third party charger is used to infect your computer. If you are in a situation where you have forgotten to pack your charger, human nature dictates you use what charger is handy which also means you have no idea about its origins.
Companies who are worried about data theft or malware and viruses tend to block up all USB ports on their computers but if a computer has a USB C port this sadly can’t be done. Also if a company does not have a BYOD policy in place, you then have a happy breeding ground for BadUSB and Borrowed Charger attacks. Apple and Google have led the way in adopting USB C so it won’t be long before other manufacturers follow suit and it becomes a standard.
In the meantime don’t plug anything into your computer that you absolutely don’t trust and you will lessen your chances of getting BadUSB or Borrowed Charger attacks. Computer manufacturers could also play their part in stopping the spread of BadUSB by prompting the computer user to enter their admin password. When the admin password is entered, the user is conforming to the computer that it is allowing it to access the plugged in USB device. This won’t completely eradicate BadUSB but it will lessen the spread of it and also sure that any computer left alone for a few minutes can’t have somebody else abuse it.