Researchers have uncovered a method to compromise the ACE3 USB-C controller, a proprietary component integral to Apple’s ecosystem, utilized for charging and data transfer in devices such as iPhones and Macs.
During the Chaos Communication Congress in Hamburg, hacker Thomas Roth showcased his successful breach of the controller. By reverse-engineering ACE3, Roth unveiled its internal firmware and communication protocols. Subsequently, he reprogrammed the controller, enabling him to bypass built-in security checks, inject malicious commands, and execute other unauthorized actions.
The vulnerability stems from insufficient protection in the controller’s firmware, allowing attackers to gain low-level access, impersonate trusted accessories, and carry out other illicit operations. However, Roth emphasized that exploiting this flaw demands considerable effort and expertise.
Roth reported the issue to Apple, but the company deemed the attack’s complexity to render it an unlikely threat. Roth concurred, clarifying that his research aimed to highlight fundamental vulnerabilities rather than pose an immediate danger.
Although Apple has no plans to address the issue at present, experts agree that major corporations must allocate greater attention to hardware security to forestall similar attacks in the future.
