By managing to hack the ACE3 controller, a key component of the iPhone 15’s USB-C port, Roth demonstrated that no system is infallible, even at Apple.
While Apple praised the security of its new USB-C port on the iPhone 15, researchers have just demonstrated that it is not infallible.
During the 38th Chaos Communication Congress in Hamburg, Germany. Thomas Roth, a security researcher known under the pseudonym “ stacksmashing“, managed to hack Apple’s ACE3 USB-C controller, a component that equips the iPhone 15 series.
The ACE3 controller is not a simple charging port. It is a real microcontroller that not only manages the power supply, but also has access to the internal buses of the device. In short, it is a gateway to the heart of the system.
The hack carried out by Roth was not simple. He had to combine several advanced techniques: reverse engineering, side channel analysis and even electromagnetic fault injection. Painstaking work which finally made it possible to execute arbitrary code on the ACE3 and access its ROM.
Apple’s response to this discovery is surprising to say the least. The company, informed by Roth, acknowledged the problem, but classified it as “non-priority” because it was considered too complex to pose a real threat.
Although the immediate risk is low, the information obtained could serve as the basis for future, more sophisticated attacks.
However, we must put it into perspective: this type of attack requires physical access to the device and specialized equipment. For the average user, the risk is therefore extremely minimal.
Experts nevertheless recommend a few simple precautions: use your own cables and chargers, avoid unsecured public charging stations and keep your iPhone up to date.
Tech
