A recent security breach has exposed a vulnerability in Apple’s highly customized ACE3 USB-C controller, which was introduced with the iPhone 15 series. Security researcher Thomas Roth successfully bypassed Apple’s security protections to hack the device, raising concerns about smartphone security.
Roth presented his research at the 38th Chaos Communication Congress, and a video of his talk is now available. The ACE3 USB-C controller is a full microcontroller running a full USB stack and connected to internal device buses. Roth used multiple methods, including reverse engineering, side-channel analysis, and electromagnetic fault injection, to achieve code execution on the ACE3.
While the attack primarily affects iPhone users, Roth noted that it may have limited impact on the broader smartphone ecosystem, with Android users being less affected. However, for iOS users, the potential impacts are significant, as the vulnerability could lead to software vulnerabilities in other chips and potentially more serious attacks.
Roth reported his findings to Apple, but was told that only the ACE2 attack would be addressed due to its hardware nature. In contrast, Roth expressed optimism that the ACE3 attack would prompt further research into the chip’s security, which could uncover new vulnerabilities.
Source: https://www.forbes.com/sites/daveywinder/2025/01/12/apple-iphone-usb-c-hacked-what-you-need-to-know