Apple’s USB-C Controller Officially Hacked

Apple's proprietary USB-C controller has been officially hacked. Here's everything you need to know about it.
A Security Breach in the iPhone
A recent announcement highlights that no system is immune to security vulnerabilities. Researchers have successfully hacked Apple’s ACE3 USB-C controller, which both manages power delivery and acts as a sophisticated microcontroller with access to internal systems.
A Multi-Functional Controller
Debuted in the iPhone 15 and iPhone 15 Pro, the ACE3 USB-C controller is far more than a standard USB-C chip. It handles a full USB stack and connects to internal device buses, including the Application Processor’s Joint Test Action Group (JTAG) and the System Power Management Interface (SPMI) bus. Additionally, the ACE3 features custom firmware updates, disabled debugging interfaces, and cryptographically validated external flash memory.
Its extensive capabilities make this chip a key part of Apple’s ecosystem and a prime target for security researchers and cybercriminals alike. However, the ACE3, manufactured by Texas Instruments for Apple, is harder to exploit than its predecessor, the ACE2. Researchers had to use more sophisticated hardware techniques to bypass the ACE3’s protections, while the ACE2 was more vulnerable to software exploits.
How Was the Hacking Accomplished?
To hack the ACE3 USB-C controller, researchers conducted a thorough analysis of the ACE2 to understand its architecture and vulnerabilities. Using MacBook hardware exploits and custom macOS kernel modules, they managed to “backdoor” the ACE2. To tackle the ACE3’s enhanced security features, the security team used a combination of reverse engineering, RF side-channel analysis, and electromagnetic fault injection.
The Implications for Device Security
This breakthrough has serious implications for device security, given the ACE3’s integration with the device’s internal systems. The security breach could lead to jailbreaks, persistent firmware implants capable of compromising the main operating system, or unauthorized access by malicious actors.
It is likely that Apple will respond by implementing additional countermeasures, such as enhanced shielding or more robust fault detection mechanisms.