JAKARTA - A security researcher has managed to break into Apple's exclusive USB-C controller, which has the potential to pave the way for a new iPhone jailbreak and other security concerns.
As one of the companies most focused on privacy and security, Apple is the hacker's main target. This time, the USB-C controller on the iPhone is a new risk point.
This study was revealed at the 38th Chaos Communication Congress event in December 2024 and was only published in January. Thomas Roth researchers present how to attack USB-C ACE3 controllers, the main component in charge of managing charging and data transfer on devices.
ACE3 was first used in the iPhone 15 generation to set up the included USB-C ports. Roth managed to dismantle this firmware and control communication protocol, opening the gap for resetting controllers to insert malicious codes and passing important security checks.
While it sounds serious, this attack is not a threat to most users. Roth requires dedicated USB-C cables, certain devices, and direct physical access to the device to launch this attack.
SEE ALSO:
Once initial access is achieved, compromised controllers can be further manipulated without requiring further physical access. However, the need for physical access at the beginning makes this attack unlikely to pose a threat to the majority of Apple users.
A more realistic use is for jailbreak. By manipulating the controller, it can generate a wireless bailbreak (untethered) with permanent firmware implants that allow the operating system to remain in a compromised condition.
This approach also has the potential to make jailbreak more difficult to neutralize by Apple's software updates, as it involves hardware-based attacks. However, this technique is limited because it requires dedicated hardware, so it cannot be widely used.
Until now, Apple has not commented on Roth's demonstration or its implications for device security.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)