A security researcher has successfully hacked Apple's ACE3 USB-C controller, exposing potential vulnerabilities in recent iPhone and MacBook devices. The hack was revealed at the 38th Chaos Communication Congress in Hamburg, Germany.
Thomas Roth, known by the handle "stacksmashing," demonstrated how he breached Apple's security by reverse-engineering the ACE3 controller - a key component that manages charging and data transfer in Apple's latest devices. Through specialized techniques including side-channel analysis and electromagnetic fault injection, Roth gained access to the controller's internal firmware and communication protocols.
The ACE3 controller, introduced with the iPhone 15 series, operates as a microcontroller connected to internal device systems. Once compromised, the controller could potentially be manipulated to bypass security checks or execute unauthorized commands through specially crafted USB-C cables or accessories.
While the current hack requires sophisticated technical knowledge, security experts warn that malicious actors could eventually develop simplified attack methods. The vulnerability could enable unauthorized data access during transfers or even allow persistent firmware modifications affecting the operating system.
When notified about the findings, Apple acknowledged the hack's complexity but indicated they do not currently view it as a major security threat. However, security consultant Adam Pilton cautioned that access to the controller's read-only memory could give cybercriminals valuable insights into potential weaknesses.
The research primarily impacts iPhone and MacBook users, while Android devices remain unaffected. As technical details become public, users should exercise caution with unknown USB-C accessories and charging equipment.
Apple has not yet announced plans to address the ACE3 controller vulnerability. The company's response and potential security updates will be closely watched by the cybersecurity community.