Monday, January 13, 2025

 

DIGITAL LIFE


Close-up of a USB-C cable with the word "iPhone" underneath.

Researchers Demo Alarming iPhone USB-C Controller Hack Affecting Millions Of Devices

It seems like the ACE3 USB-C controller used on Apple iPhone 15 and newer can be hacked thanks to insufficient safeguards in the controller's firmware. The breach was achieved by security researchers and was recently detailed in a video. The ACE3 USB-C controller, used for charging and data transfer, is part of Apple's major shift from Lightning connectors to USB-C for its latest devices.

Apple may be facing a new task of increasing safeguards for its new USB-C connectors used on its latest products, more specifically the ACE3 USB-C controller. Security researchers have recently come forward with details of how they were able to hack the controller and ultimately emulating trusted Apple accessories and perform actions minus user consent.

In a detailed demonstration at the 38th Chaos Communication Congress last month, researcher Thomas Roth showed how the hack was done. Roth said that by reverse-engineering the ACE3 controller, the firmware and communication protocols were exposed. Through these compromises, Roth could reprogram the controller to bypass validation checks and boot a modified firmware patch into the controller's CPU. 

Now, Roth made clear that the break-in process is rather involved, combining the aforementioned reverse engineering, RF side-channel analysis, and electromagnetic fault injection. Once the exact moment when firmware validation happened (via electromagnetic signal measurements), the researchers succeeded in using electromagnetic fault injection to bypass the validation checks.

This discovery could have serious implications for user data security and device integrity. Imagine threat or malicious actors gaining control of the device and access (or intercepting) data by firmware implants that compromise the operating system. Even though the hack is hard to pull off, you can bet that exploiters will figure this out. 

It has to be said that Apple's USB-C isn't your typical USB-C. The Texas Instruments-made ACE3 controller is a full microcontroller running a complete USB stack connected to internal busses on the device. While these features make the port more integral to Apple accessories and ecosystem, this hack reveal shows that security flaws exists.

Apple has yet to make an official statement about Roth and his findings(https://media.ccc.de/v/38c3-ace-up-the-sleeve-hacking-into-apple-s-new-usb-c-controller), so stay tuned to this space as this news develops. 

mundophone

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

  TECH ASUS ROG OLED Gaming Laptop With RTX 4090 Is $450 Off And More Mobile Deals For Gamers In theory, it is an incredibly awkward time to...

  • (no title)
    TECH In Memoriam: The Tech That Died in 2018 A bongo enthusiast once said, "time is a flat circle," which is a pretentious...
  • (no title)
      HONOR Model 60 Pro: Sparkling design and camera configuration confirmed by teaser image Honor is not due to unveil the Honor 60 series for...
  • (no title)
      OPPO New and unprecedented model Find X6 will debut with a huge photo sensor Oppo has a strong smartphone lineup lately, offering great fo...