Apple users face new security challenges after security researcher Thomas Roth successfully hacked the ACE3 USB-C controller in the iPhone 15 series, as disclosed at the 38th Chaos Communication Congress in December 2024. The hack highlights vulnerabilities in Apple’s USB-C implementation.
The ACE3 custom USB-C controller is responsible for managing USB power delivery and data transfer in Apple devices. Roth’s research involved reverse engineering the controller’s firmware and employing techniques such as side-channel analysis and electromagnetic fault injection to achieve code execution on the ACE3. This allowed him to dump the ROM and analyze the controller’s functionality.
Roth explained that the ACE3 controller is a “full microcontroller running a full USB stack connected to some of the internal busses of the device.” He found that the vulnerabilities resulted from insufficient safeguards in the controller’s firmware, which could allow attackers to gain low-level access via specially crafted USB-C cables or devices. Once compromised, the ACE3 could be manipulated to emulate trusted accessories or execute unauthorized commands.
Consequently, the integration of the ACE3 with Apple’s internal systems poses significant risks, potentially enabling untethered jailbreaks or persistent firmware implants that could compromise the main operating system. Hackers could also exploit these vulnerabilities to intercept sensitive data during transfers or manipulate devices without user consent.
Roth emphasized that while the findings primarily affect iPhone and MacBook users, this research serves as foundational work for uncovering broader security flaws in smartphone hardware. Roth contacted Apple regarding both the earlier ACE2 and the ACE3 attack. Initially, Apple confirmed it would address the ACE2 issue but later deemed it a hardware problem. Regarding the ACE3, Roth noted that Apple acknowledged the complexity of the hack but did not view it as an immediate threat.
Despite the complexity of the hack, experts warn that it may only be a matter of time before malicious actors attempt to exploit these vulnerabilities. Apple has not yet provided a timeline for addressing the issues with the ACE3 controller. In the meantime, users are advised to remain cautious about potential unauthorized access and manipulation of their devices.