Ebrius Disputatios

A new hardware breach could serve as an entry point for large-scale attacks.

Researchers have discovered a way to hack the ACE3 USB-C controller used for charging and data transfer in Apple devices, including iPhones and Macs. This component is proprietary to the company and plays a key role in the functioning of the Apple ecosystem.

During the Chaos Communication Congress in Hamburg, hacker Thomas Roth demonstrated a controller hack. He reverse engineered ACE3, revealing the internal software and communication protocols. Roth then reprogrammed the controller, allowing it to bypass built-in security checks, inject malicious commands, and perform other unauthorized actions.

The cause of the vulnerability was insufficient protection in the controller firmware, which allows attackers to gain low-level access, imitate trusted accessories, and perform other actions. However, according to Roth, exploiting this vulnerability requires significant effort.

Roth notified Apple of the problem, but the company determined that the high level of sophistication of the attack made it an unlikely threat. The hacker agreed with this conclusion, noting that his work was exploratory in nature and aimed at identifying fundamental vulnerabilities.

Although Apple currently has no plans to fix the problem, experts agree that large companies need to pay more attention to hardware solutions to prevent similar attacks in the future.