USB attacks have been on the rise over the past few years. Thanks to Apple’s new MacBook and Google’s new Chromebook Pixel, USB-C has hit the market with much fanfare.
Unfortunately, USB-C is being called the least secure USB standard released thus far.
The problem stems from viruses like BadUSB. BadUSB can be spread simply by attaching a USB drive to your computer. You don’t need to open the drive or perform any actions: once the USB is attached to your computer, your computer is infected. That’s it.
The obvious solution to this problem is to avoid attaching unknown USB drives to your system. If you never attach a USB drive to your system, then you’ll never get infected. It’s as simple as that.
USB-C is similar to USB in a lot of ways. The one major difference is that the USB-C port acts as both a charging cord and a USB port.
Apple and Google want USB-C to be the port where you connect everything to your computer. Since it’s the power cable, you have no choice but to use it every time you want to use your laptop.
Gizmodo and other tech sites are freaking out over this problem. Gizmodo says the following:
“Asking for a charge from a stranger is like having unprotected sex with someone you picked up at the club.”
But really, how often do you share power cables with someone?
NSA Could Exploit Power Cables
The problem isn’t necessarily the fact that you could share power cables with some hacker. The problem is that organizations like the NSA could try to intercept products between the manufacturer and you, then install spyware on USB-C devices. Or, they could bribe the manufacturer to install back doors on each device.
Does that sound crazy to you? Well, that’s exactly what the NSA has been doing over the past few years. They paid security firms like RSA $10 million to promote a flawed encryption system, which means the NSA had a big back door into many popular security devices.
In any case, critics of USB-C are already arguing that the NSA is drooling over the potential vulnerabilities in USB-C. And that’s bad news for those who are passionate about personal privacy.
USB-C Still Hasn’t Fixed Actual BadUSB Vulnerability
The other problem with USB-C is that it still hasn’t fixed the BadUSB vulnerability. That vulnerability allowed attackers to install a virus onto the firmware of the USB drive. Since antivirus software can’t scan USB firmware – and Windows doesn’t detect it – this lets the virus imperceptibly take over your system.
Ultimately, viruses like BadUSB are scary because someone can simply walk up to your computer, insert a thumb drive, and infect your system in seconds. With USB-C, infecting someone’s computer might be as easy as offering them a power cord.