Security Researcher Successfully Hacks iPhone 15's USB-C Controller Chip

Security researcher Thomas Roth (known as "stacksmashing") has successfully hacked Apple's custom ACE3 USB-C controller found in iPhone 15 devices, as revealed at the recent Chaos Communication Congress in Hamburg.

The Technical Achievement

Roth managed to execute code on the ACE3 controller—the component that manages USB power delivery and connectivity in iPhone 15 models. Through a combination of reverse engineering, side-channel analysis, and electromagnetic fault-injection techniques, the researcher gained access to the controller's ROM and analyzed its functionality.

Impact Assessment

According to Roth, the current hack has limited immediate security implications for iPhone users. The research primarily serves as groundwork for understanding the ACE3 chip's inner workings, potentially enabling future security research.

The vulnerability appears to be iPhone-specific, with Roth confirming that Android devices are not affected by these findings.

Apple's Response

When notified about the vulnerability, Apple assessed the attack complexity and determined it did not pose a direct threat to users. For a previous ACE2 controller issue, Apple initially planned fixes for fall 2024 but later classified it as a hardware issue that would not be addressed.

Looking Forward

While the current hack may not pose immediate risks, it opens new avenues for security research. The exposed firmware could lead researchers to discover additional vulnerabilities in the future. However, this knowledge could be used by both security researchers and malicious actors.

Expert Perspective

Roth emphasizes that smartphone security involves multiple components, including the main processor, baseband, secure element, and specialized chips like the ACE3. The challenge in researching these components stems from limited documentation and firmware availability, making this breakthrough particularly notable for future security analysis.

The discovery highlights the ongoing challenges in securing complex mobile devices and the importance of continued security research in identifying potential vulnerabilities before they can be exploited maliciously.