- Researcher discovers method to hack ACE3 USB-C controller
- It is an essential component used for charging and data transfer of Apple devices.
- Apple deemed the attack too complex to pose a threat
The ACE3 USB-C controller, a proprietary Apple technology used for charging and data transfer for iPhones, Macs and other devices, can be hacked to allow malicious actors to perform unauthorized activities. Exploiting this vulnerability to cause real damage is a bit of a stretch, however.
At the recent 38th Chaos Communication Congress held in Hamburg, Germany, white hat hacker Thomas Roth demonstrated hacking this critical component. He reverse engineered the ACE3 controller, exposing the internal firmware and communications protocols. He then reprogrammed the controller, giving it the ability to bypass security controls, inject malicious commands, and perform other unauthorized actions.
Roth said the vulnerability stems from insufficient protections in the controller’s firmware, which would allow a malicious actor to gain low-level access and then be used to emulate trusted accessories and more.
Complexity of the attack
Roth said he informed Apple of the problem, but the company said the bug was too complex to exploit.
He appears to agree with this assessment, as speaking to ForbesRoth told Apple, “saw the complexity of the attack and said they didn’t view it as a threat – I agree with that sentiment but wanted to have at least reported it!”
“This is essentially fundamental research, the first steps needed to find other attacks on the chip,” Roth concluded.
This does not mean that the security industry should completely ignore or forget Roth’s findings, as this could have major implications for the security of Apple devices, since ACE3’s integrations with internal systems mean that its compromise could potentially lead to new attacks.
In any case, the Android ecosystem is not affected by this flaw.
Via SiliconANGLE
