A security researcher has worked out how to hack a proprietary USB-C controller used by Apple, an issue that could eventually lead to new iPhone jailbreaks and other security problems.
As one of the more privacy and security-focused companies, Apple has become a prized target for hackers to beat. In one instance, it seems the iPhone’s USB-C controller has become a risk factor.
Researcher Thomas Roth demonstrated the attack on the ACE3 USB-C controller at the 38th Chaos Communication Congress in December, though the details only reached the wider public in January.
The ACE3 USB-C controller is a key element, as it is in charge of recharging the device and handling data transfers. It first appeared in the iPhone 15 generation, managing the included USB-C port.
SiliconAngle reports that Roth managed to reverse-engineer the controller, exposing its firmware and communication protocols. From there, he could reprogram the controller to perform actions such as injecting malicious code and bypassing important security checks.
A somewhat limited intrusion
While the hack sounds like a massive issue, it’s not really a problem for the vast majority of users. To achieve it, Roth relied on custom USB-C cables and devices, and needed clear physical access to the device to pull it off.
Physical access would only be needed for the initial compromise, however: once the controller has been compromised, it could be manipulated further without necessarily requiring such access again.
The key is the need for physical access from the start, which rules out the attack being a danger to the vast majority of Apple users. This doesn’t rule out its use maliciously against some people who may consider themselves targets of nation states and other major bad actors, but that is a very small number of people.
A more realistic use for the attack is jailbreaking, as Cyber Security News adds. Compromising the controller could enable untethered jailbreaks with persistent firmware implants, which can keep the operating system compromised.
Because it is a hardware attack, such a jailbreak could also be easier to keep active despite Apple’s software-based countermeasures. That said, the hardware required would also limit how widely the technique could spread.
Apple has not yet commented on the researcher’s demonstration or its implications.