Power over USB

USB could make power consumption more intelligent, but security concerns need to be addressed.

I’ve been reading about enhancements to the USB 3.0 standard that would allow a USB cable to provide up to 100 watts of power, nicely summarized in The Economist. 100 watts is more than enough to charge a laptop, and certainly enough to power other devices, such as LED lighting, televisions, and audio equipment. It could represent a significant shift in the way we distribute power in homes and offices: as low voltage DC, rather than 110 or 220 volt AC. Granted, 100 watts won’t power a stove, a refrigerator, or a toaster, but in a USB world, high-voltage power distribution could be limited to a few rooms, just like plumbing; the rest of the building could be wired with relatively inexpensive USB cables and connectors, and the wiring could easily be done by amateurs rather than professional electricians.

It’s an interesting and exciting idea. As The Economist points out, the voltages required for USB are easily compatible with solar power. Because USB cables also carry data, power consumption can become more intelligent.

But I have one concern that I haven’t seen addressed in the press. Of course USB cables carry both data and power. So, when you plug your device into a USB distribution system, whether it’s a laptop or phone, you’re plugging it into a network. And there are many cases, most notoriously Stuxnet, of computers being infected with malware through their USB ports. It no doubt took some fairly good social engineering to get an infected USB stick into a computer in an Iranian nuclear facility. But it wouldn’t take any social engineering at all, just a lunch appointment or an interview, to plug an infected drive into the USB power distribution system at some future office complex. You might not even need access to the business you wanted to attack if, as the Economist imagines, power distribution is shared between different buildings in an industrial park.

The most security conscious among us frequently put epoxy in their USB ports. But epoxy won’t work if that port is your only way to charge your laptop. We’re going to need much stricter discipline than epoxy if USB is to become a power distribution standard. More than anything, we will need to be confident that there aren’t any backdoors into our system. A quick Google search is scary indeed, and the NSA is the least of our worries. Can we keep our data, and our systems, safe? History suggests that we can’t.

tags: ,