Apple has suffered a hit after a security researcher bypassed protections in the ACE3 USB-C controller. Demonstrated at 38C3 in Hamburg, Germany, an exploit is done that reveals some vulnerabilities of a highly customized microcontroller in the new Apple iPhone 15 series of smartphones. That’s just part of a whole set of worries growing for smartphones’ security over potential attack vectors for Apple, too.
The Hack Explained
Thomas Roth, who goes by the alias “stack smashing” in the cybersecurity community, explained how the ACE3 controller, released with the iPhone 15 and iPhone 15 Pro, handles USB power delivery and is a full microcontroller running a USB stack connected to internal iPhone systems. With reverse engineering, side-channel analysis, and electromagnetic fault injection, among other advanced techniques, Roth successfully executed code on the controller.
The hack allowed Roth to dump the read-only memory (ROM) of the ACE3, which gave him insight into its functionality. This breakthrough opens up potential vulnerabilities that could be exploited by bad actors, though no reports of real-world attacks using this method have surfaced yet.
Implications for iPhone Users
The ACE3 USB-C controller is vital to the operation of the iPhone 15 series. The exploit raises a significant red flag because it shows that security in devices should be continuously developed, especially as Apple moves forward with USB-C and brings the ecosystem closer to a universal connectivity standard. Although Apple has always had a reputation for having good security, the breach of ACE3 shows that hardware attacks are getting more sophisticated.
What’s Next for Apple?
Apple will most probably investigate these findings and will roll out firmware upgrades to close this vulnerability on the USB-C controller. The event reminds us that in the constant game between manufacturers and hackers, not all is that simple. Indeed, more dangerous attacks keep happening, and users need to be sure about keeping their gadgets updated and refusing to use doubtful cables or chargers.
Security researchers said that though this exploit is frightening, it doesn’t pose an immediate threat to the average user. It acts as a wake-up call for Apple and other smartphone manufacturers to strengthen hardware security measures to stay ahead of evolving threats.
