At the end of last year, the annual Chaos Communication Congress event took place in Germany, bringing together information security specialists from around the world. One of the congress participants was researcher Thomas Roth, known under the nickname Stacksmashing, who demonstrated a technique for hacking new Apple iPhone smartphones with a USB Type-C interface, more details about which have only now become known.
Image source: Garin Chadwick / Unsplash
Thomas Roth managed to hack the USB Type-C port controller of an Apple smartphone, which is responsible for managing charging and data transfer on the device. The researcher was able to reprogram the ACE3 controller to further use it to perform unauthorized actions, including bypassing security checks and executing malicious commands on the device.
The vulnerability exploited by Roth is a consequence of Apple not fully implementing security controls in the controller firmware. This allows an attacker to gain low-level access through the use of specially made cables or a USB Type-C device. Once access is gained, a compromised controller can be used to emulate trusted accessories or perform actions without the user’s consent.
It is noted that the ability to hack iPhones via USB Type-C has serious implications for the security of devices, since the integration of the ACE3 controller with internal systems “means that its compromise could potentially lead to untethered jailbreak or permanent implantation of firmware that could compromise the underlying operating system.” . In addition, attackers could use the vulnerability to gain unauthorized access to sensitive data or gain control of the device.
IPhone owners with USB Type-C shouldn’t worry too much about the new vulnerability, at least for now. The details of hacking Apple smartphones became known only recently, and the process of exploiting the vulnerability itself is quite complicated. In addition, Apple will likely fix the vulnerability in the future with a firmware update for the ACE3 controller, which first appeared in the iPhone 15 and iPhone 15 Pro.