As nifty as Apple’s USB-C protocol might be, a security researcher just exposed a potential security issue. The issue, if exploited, could allow for new iPhone jailbreaks as well as other security issues.
At the 38th Chaos Communication Congress in December, with information only being revealed to the public in January, researcher Thomas Roth demonstrated an attack on Apple’s proprietary ACE3 USB-C controller. The ACE3 USB-C controller is a key element, as it recharges the device and handles data transfers. The controller first appeared in the iPhone 15 generation, managing the included USB-C port.
Per SiliconAngle, Roth was able to reverse-engineer the controller, exposing its firmware and communication protocols. Once this had been achieved, he could reprogram the controller to perform acts such as injecting malicious code and bypassing critical security checks. Although impressive, this might not present a problem for the vast majority of users: Roth had to rely on custom USB-C cables and devices, as well as clear physical access to the device, to pull it off.
Still, this represents a vulnerability given the potentially compromised controller. A more realistic use for the attack is for jailbreaks, as Cyber Security News adds. Compromising the controller could result in untethered jailbreaks with persistent firmware implants, which can keep the operating system compromised.
Apple has yet to comment on the researcher’s demonstration or its implications.
Stay tuned for additional details as they become available.
Via AppleInsider, SiliconAngle, and Cyber Security News