- Researcher discovers method to hack ACE3 USB-C controller
- This is a crucial part used for charging and data transfer of Apple devices
- Apple deemed the attack too complex to pose a threat
The ACE3 USB-C controller, a proprietary Apple technology used for charging and data transfer of iPhones, Macs and other devices, can be hacked to allow malicious actors to perform unauthorized activities. However, exploiting this vulnerability to cause actual damage is a bit complicated.
At the recent 38th Chaos Communication Congress in Hamburg, Germany, white hat hacker Thomas Roth demonstrated how he hacked this crucial component. He reverse-engineered the ACE3 controller, exposing its internal firmware and communications protocols. He then reprogrammed the controller, giving it the ability to bypass security controls, inject malicious commands, and perform other unauthorized actions.
Roth said the vulnerability stems from insufficient security in the controller’s firmware, which could allow a threat actor to gain low-level access and then use it to emulate trusted accessories and more.
Attack complexity
Roth said he alerted Apple to the problem, but the company said the bug was too complex to exploit.
He seems to agree with this assessment, as he speaks ForbesRoth told Apple, “saw the complexity of the attack and said they don’t see it as a threat – I agree with that sentiment, but wanted to at least have reported it!”
“This is essentially basic research, the first steps needed to find other attacks on the chip,” Roth concluded.
It does not mean that the security industry should completely ignore or forget about Roth’s findings as this could have major implications for the security of Apple devices as ACE3’s integration with internal systems means that compromising them could potentially lead to further attacks .
In any case, the Android ecosystem is not affected by this leak.
Via Silicon ANGLE