A security researcher has successfully hacked Apple's custom USB-C controller found in iPhone 15 devices, potentially opening new avenues for security research and vulnerability discovery.
The breakthrough was revealed at the recent Chaos Communication Congress (38C3) in Hamburg, Germany, where researcher Thomas Roth (known as "stacksmashing") demonstrated how he bypassed Apple's security protections on the ACE3 USB-C controller.
The ACE3 controller, introduced with the iPhone 15 series, manages USB power delivery and operates as a microcontroller connected to the device's internal systems. Through a combination of reverse engineering, side-channel analysis, and electromagnetic fault-injection techniques, Roth achieved code execution on the controller and accessed its ROM contents.
While Android users can breathe easy as this research specifically impacts Apple devices, the implications for iPhone security research are noteworthy. The hack provides unprecedented access to previously undocumented firmware, potentially enabling researchers to uncover additional vulnerabilities.
Roth reported his findings to Apple, who acknowledged the research but determined the attack complexity posed minimal risk. "This is essentially foundational research, the first steps needed to find other attacks on the chip," Roth explained.
The discovery highlights the ongoing challenges in securing complex mobile devices, where various components—from main processors to secure elements—can potentially harbor vulnerabilities. As this research lays groundwork for deeper exploration of the ACE3 controller, security experts will closely monitor developments for both defensive research and potential security concerns.
While current iPhone users face no immediate threat, this breakthrough demonstrates the evolving landscape of mobile device security research and the constant push to understand potential vulnerabilities in even the most carefully designed systems.