by jitl 553 days ago
The marginal happiness for 1% of security nerds would be vastly outweighed by frustration for 99% of people who don’t care.

I don’t want a bunch of broken fake USB-C cables lying around that work for slow charging only and will totally fail when used with my mouse, keyboard, running an external display, etc. I get these kinds of USB-C cables from time to time in boxes with mediocre gadgets and throw them out! Anker’s whole brand was originally based on testing USB cables to weed out the broken ones after all.

What is the threat model here anyways? My approach to security when charging my devices is:

1. Use my own charger and cable

I am not worried about my power supply brick getting pwned by a rootkit delivered via the airplane’s AC power mains and then that pivoting to my laptop.

So is the threat that my power brick got pwned on its way from the factory to me?

2 comments

My in-laws were trying to transfer files to a PC from their phones with one of these non-data cables. Even my somewhat tech-savvy partner didn't know non-data cables.

I taught them the trick about feeling the cable stiffness, I showed them a type-c cable without data vs one with data vs thunderbolt3 type-c. They just couldn't understand why it wasn't working until I showed them there was a physical and tactile difference in the cables.

Wild that the best way to tell what kind of USB cable you've got is the equivalent of knocking on a melon to see if it's ripe.

Why? When electronics don't work the first thing I do is hit it kinda hard, same as the old days.

In usb-a cables you can actually see the pins themselves missing looking into the connector from the outside; in usb-c not so much (or at least I could not really see anything there). I could never figure out how to determine a no-data usb-c cable, though I have only even seen one anyway.

The problem with stiffness etc is that there is already a lot of variability on usb-c cables, though there could definitely be something there that I just did not notice.

I just bought a tester from Treedix. It's a small board with a bunch of USB connectors (host side has 3.0 A, 2.0A, C, device side has micro-B, lightning, mini-B, 3.0 micro-B, C, and 3.0 B), a CR2032 coin cell, and a bunch of LEDs that light up when there's continuity for that link. So you can see when a cable has a USB-C connector but only USB-2.0 D+ and D- lines and CC vs one with the extra differential pairs. Faster than trying to mess with a breakout board & a multimeter.

I assumed that the threat model includes being given a power brick that is already pwned (maybe has some chip with GSM access and somebody is gonna hack your computer through it or sth, or exploits some unknown zero day). And I would assume that is nation state level of a threat, either a supply chain kind of attack or more targeted.

Personally I have come across no-data usb cables which I hated, but I see no reason to carry such a cable with me and then carry extra usb cables for data transfer. I am happy enough that the multiple cable problem is mostly solved and I still remember and by no means miss the days that I had to carry a separate charger and associated cable for each device, plus possibly other cables to connect stuff together.