Security researcher Thomas Roth revealed a hack of Apple’s proprietary ACE3 USB-C controller, introduced with the iPhone 15 series, during the 38th Chaos Communication Congress in late December 2024 in Hamburg, Germany.
The ACE3 USB-C controller plays a crucial role in managing charging and data transfer on Apple’s latest devices. Roth’s presentation detailed how he successfully bypassed Apple’s security measures by reverse-engineering the controller to access its internal firmware and communication protocols. This approach allowed Roth to reprogram the controller, enabling unauthorized actions, including bypassing security checks and injecting malicious commands.
The vulnerability emerged from insufficient safeguards in the ACE3 controller’s firmware, permitting an attacker to gain low-level access through specially crafted USB-C cables or devices. Once access is achieved, the compromised controller can emulate trusted accessories or perform unauthorized actions without user consent.
Discussing the implications of this vulnerability, Roth noted that compromising the ACE3 could lead to untethered jailbreaks or persistent firmware implants that might affect the main operating system. Attackers could exploit these vulnerabilities to intercept sensitive information during data transfers or execute malicious commands by circumventing security protocols.
While the findings primarily affect iPhone and MacBook users, Roth characterized this research as foundational work for uncovering more extensive security flaws. He emphasized that his demonstration lays the groundwork for further research into potential software vulnerabilities in the ACE3 firmware.
Roth reported both the ACE2 and ACE3 attacks to Apple. Apple acknowledged the complexity of the ACE3 attack but downplayed its risk, stating that it did not see it as a significant threat. However, Roth stressed the importance of reporting the findings, viewing them as initial steps necessary for identifying other potential attacks on the chip.
Despite the complexity of exploiting this vulnerability and the lack of immediate danger, experts caution that it may only be a matter of time before malicious hackers attempt to leverage Roth’s methodology for their purposes. While Apple has not provided a statement on a timeline to address the ACE3 controller flaw, users are advised to maintain vigilance in their device usage.