
New hack breaks open Apple's USB-C security

USB-C on an iPhone 15


A security researcher has worked out how to hack a proprietary USB-C controller used by Apple, an issue that could eventually lead to new iPhone jailbreaks and other security problems.

As one of the more privacy- and security-focused companies, Apple has become a prized target for hackers to beat. In one instance, it seems the iPhone's USB-C controller has become a risk factor.

At the 38th Chaos Communication Congress in December, researcher Thomas Roth presented a demonstration of attacking the ACE3 USB-C controller, with the information only being revealed to the public in January.

The ACE3 USB-C controller is a key element, as it is in charge of recharging the device and handling data transfers. It first appeared in the iPhone 15 generation, managing the included USB-C port.

SiliconAngle reports Roth managed to reverse-engineer the controller, exposing its firmware and communication protocols. From there, he could reprogram the controller to perform actions such as injecting malicious code and bypassing important security checks.

A somewhat limited intrusion

While the hack sounds like a massive issue, it's not really a problem for the vast majority of users. To achieve it, Roth relied on custom USB-C cables and devices, and needed clear physical access to the device to pull it off.

That physical access would only be needed for the initial compromise, though. Once compromised, the controller could be further manipulated without necessarily requiring such access.

The key is the need for physical access from the start, which rules out the attack being a danger to the vast majority of Apple users. This doesn't rule out its use maliciously against some people who may consider themselves targets of nation states and other major bad actors, but that is a very small number of people.

A more realistic use for the attack is jailbreaking, as Cyber Security News adds. Compromising the controller could result in untethered jailbreaks with persistent firmware implants, which can keep the operating system compromised.

It could also potentially be an easier jailbreak to keep active despite Apple's software efforts, simply because it's a hardware attack. That said, the hardware required would also limit the potential reach of a jailbreak technique.

Apple has not yet commented on the researcher's demonstration or its implications.



8 Comments

beowulfschmidt 13 Years · 2371 comments

While it might not be an issue for most people now, left unpatched, it could become a bigger problem later on, if someone can leverage already existing charging hacks.  So it's still a good idea to use only trusted cables and chargers.

1 Like · 0 Dislikes
Fred257 6 Years · 265 comments

If it wasn’t for jailbreaking you wouldn’t have the iPhone's Control Center. This is fact. More innovation has been done by jailbreakers for the iPhone. Of course it’s impossible now to do so. I remember having one jailbreak to be able to automatically play my music when connecting to my Bluetooth device in my car. This was on an iPhone 3GS. It’s only until the Apple App Shortcuts came out that you could do this. And Apple does not let you differentiate between the Music app that you want to use. Android has apps that let you do this. Apple does not, at least for music.

2 Likes · 0 Dislikes
Curiouserandcurious 7 Years · 43 comments

My usb-c port is usually filled with pocket lint and bubblegum as a security precaution. Isn’t everybody’s? 

1 Like · 0 Dislikes
godofbiscuitssf 3 Years · 118 comments

Thank the goddess we got rid of that horrific Lightning mess. 

MustSeeUHDTV 8 Years · 310 comments

I’m sure this will be good for police/FBI/DHS/CIA. A way to break into iPhones like GrayKey.