- Researcher uncovers method to hack the ACE3 USB-C Controller
- This is a critical component used for charging and data transfer for Apple devices
- Apple deemed the attack too complex to present a threat
The ACE3 USB-C controller, a proprietary Apple technology used for charging and data transfer for iPhones, Macs, and other devices, can be hacked to allow malicious actors to run unauthorized activities. Exploiting this vulnerability to do actual damage is a bit of a stretch, though.
At the recent 38th Chaos Communication Congress took place in Hamburg, Germany, white hat hacker Thomas Roth demonstrated hacking this critical component. He reverse-engineered the ACE3 controller, exposing the internal firmware and communication protocols. He then reprogrammed the controller, which gave him the ability to bypass security checks, inject malicious commands, and run other unauthorized actions.
Roth said the vulnerability stems from insufficient safeguards in the firmware of the controller, which would allow a threat actor to gain low-level access, then be used to emulate trusted accessories, and more.
Attack complexity
Roth said he notified Apple of the issue, but the company said the bug was too complex to exploit.
He seems to agree with this assessment, as speaking to Forbes, Roth said Apple, “saw the attack complexity and said that they don’t see it as a threat – I agree with that sentiment but wanted to at least have reported it!”
“This is essentially foundational research, the first steps that are needed to find other attacks on the chip,” Roth concluded.
It doesn’t mean the security industry should completely ignore, or forget about Roth’s findings, as it could have major implications for Apple device security, since ACE3’s integrations with internal systems means compromising it could potentially lead to further attacks.
In any case, the Android ecosystem is not affected by this flaw.
Via SiliconANGLE