Apple users facing new security risks after critical USB component hacked

Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol

(Image credit: Shutterstock)

Researcher uncovers method to hack the ACE3 USB-C Controller
This is a critical component used for charging and data transfer for Apple devices
Apple deemed the attack too complex to present a threat

The ACE3 USB-C controller, a proprietary Apple technology used for charging and data transfer for iPhones, Macs, and other devices, can be hacked to allow malicious actors to run unauthorized activities. Exploiting this vulnerability to do actual damage is a bit of a stretch, though.

At the recent 38th Chaos Communication Congress took place in Hamburg, Germany, white hat hacker Thomas Roth demonstrated hacking this critical component. He reverse-engineered the ACE3 controller, exposing the internal firmware and communication protocols. He then reprogrammed the controller, which gave him the ability to bypass security checks, inject malicious commands, and run other unauthorized actions.

Roth said the vulnerability stems from insufficient safeguards in the firmware of the controller, which would allow a threat actor to gain low-level access, then be used to emulate trusted accessories, and more.

Attack complexity

Roth said he notified Apple of the issue, but the company said the bug was too complex to exploit.

He seems to agree with this assessment, as speaking to Forbes, Roth said Apple, “saw the attack complexity and said that they don't see it as a threat - I agree with that sentiment but wanted to at least have reported it!”

“This is essentially foundational research, the first steps that are needed to find other attacks on the chip,” Roth concluded.

It doesn’t mean the security industry should completely ignore, or forget about Roth’s findings, as it could have major implications for Apple device security, since ACE3’s integrations with internal systems means compromising it could potentially lead to further attacks.

In any case, the Android ecosystem is not affected by this flaw.

Via SiliconANGLE

A previously unknown hardware feature has been hijacked to hack iPhones across the world
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.