- Researcher discovers method to hack USB-C ACE3 driver
- This is a critical component used to charge and transfer data for Apple devices.
- Apple deemed the attack too complex to pose a threat.
The ACE3 USB-C controller, a proprietary Apple technology used to charge and transfer data for iPhone, Mac, and other devices, can be hacked to allow malicious actors to execute unauthorized activities. However, exploiting this vulnerability to cause real damage is a bit of a stretch.
At the recent 38th Chaos Communication Congress held in Hamburg, Germany, white hat hacker Thomas Roth demonstrated how to hack this critical component. Reverse engineered the ACE3 controller, exposing the internal firmware and communication protocols. He then reprogrammed the controller, giving it the ability to bypass security controls, inject malicious commands, and execute other unauthorized actions.
Roth said the vulnerability is due to insufficient safeguards in the controller firmware, which would allow a threat actor to gain low-level access and then use it to emulate trusted accessories and more.
Complexity of the attack
Roth said he notified Apple about the issue, but the company said the bug was too complex to exploit.
He seems to agree with this assessment, as speaking with ForbesRoth said Apple “saw the complexity of the attack and said they don’t see it as a threat. I agree with that sentiment, but I at least wanted to have reported it.”
“This is essentially fundamental research, the first steps needed to find other attacks on the chip,” Roth concluded.
It does not mean that the security industry should ignore or completely forget about Roth’s findings, as they could have major implications for the security of Apple devices, as ACE3’s integrations with internal systems mean that compromising it could potentially lead to more attacks.
In any case, the Android ecosystem is not affected by this failure.
Through SiliconANGLE
