- Researcher reveals method to hack ACE3 USB-C controller
- This is a critical component used for charging and data transfer to Apple devices
- Apple considered the attack too complex to pose a threat
The ACE3 USB-C controller, a proprietary Apple technology used for charging and data transfer to iPhones, Macs and other devices, can be hacked to allow malicious actors to perform unauthorized activities. However, exploiting this vulnerability to do actual damage is a bit of a stretch.
At the recent 38th Chaos Communication Congress held in Hamburg, Germany, white hat hacker Thomas Roth demonstrated hacking this critical component. He reverse-engineered the ACE3 controller and exposed the internal firmware and communication protocols. He then reprogrammed the controller, allowing him to bypass security checks, inject malicious commands, and perform other unauthorized actions.
Roth said the vulnerability stems from inadequate security measures in the controller’s firmware, which would allow a threat actor to gain low-level access, then be used to impersonate trusted accessories and more.
Attack complexity
Roth said he notified Apple of the issue, but the company said the bug was too complex to exploit.
He seems to agree with this assessment to which he speaks ForbesRoth said Apple “saw the complexity of the attack and said they don’t see it as a threat – I agree with that sentiment, but would have at least reported it!”
“This is basically fundamental research, the first steps needed to find other attacks on the chip,” Roth concluded.
That doesn’t mean the security industry should completely ignore or forget Roth’s findings, as it could have major implications for Apple’s device security, as ACE3’s integrations with internal systems mean compromising it could potentially lead to further attacks.
In any case, the Android ecosystem is not affected by this bug.
Via Silicon ANGLE
