Thomas Roth, a computer security researcher, has discovered a vulnerability in the USB-C port of iPhones. Since the iPhone 15 launched in 2023, Apple has been integrating a USB-C charging port into its smartphones, instead of the traditional Lightning port. On the iPhone 16 range, we only find USB-C, in accordance with European regulations.
According to the researcher's investigations, this port is a vector for cyberattacks. The German expert revealed the results of his experiments at the 38th Chaos Communication Congress, an annual event dedicated to cybersecurity that is organized by the Chaos Computer Club, a German collective of ethical hackers. In front of his peers, he demonstrated how it was possible to exploit the iPhone's USB-C to orchestrate an attack.
All about the iPhone USB-C flaw
The flaw is located in the ACE3 USB-C controller of the iPhone's charging port. This component is essential for charging and data transfers. It regulates the energy transmitted by the USB-C cable to safely recharge the battery and supervises communication between the iPhone and other devices, such as a computer or a hard drive, by controlling the data that passes through the port.
Thomas Roth took the time to analyze the operation of the chip, in particular by extracting its firmware and its communication protocols. This process is called reverse engineering, which is Roth’s specialty.
The main obstacle the researcher faced was that the chip’s firmware is not publicly available. However, he succeeded in doing so, through a complex and tedious process. Once he had managed to dissect the controller, he was able to reprogram it to his liking. According to the researcher, the controller’s firmware suffers from security lapses. The chip's characteristics "make it a prime target for persistent attacks, such as the implantation of malicious firmware," Roth explains on the Chaos Communication Congress website.
As part of his demonstration, the researcher used the USB-C port to bypass Apple's security mechanisms and install software into the heart of the iPhone. The attack can ultimately compromise the integrity of the iOS operating system.
A limited risk?
This cyberattack requires physical access to the smartphone and significant technical skills. In fact, we can estimate that the risks are rather limited, especially since the operation requires very specific USB-C cables.
Offensives of this type will rather target individuals with high responsibilities, such as CEOs or heads of state. In this case, the USB-C port could allow manipulation of the iPhone later, for example to carry out espionage operations. The software installed by the attacker can for example exfiltrate data stored on the phone, such as your passwords or your bank details.
For example, it could pretend to be a trusted device in order to fool the user. The media SiliconAngle, which relays Roth's experience, underlines that the flaw could also serve as a basis for jailbreak operations. By exploiting the vulnerability, it’s possible to bypass Apple’s restrictions to install just about anything.
Apple Refuses to Patch
As Roth explains to Forbes, Apple has no plans to patch the USB-C port vulnerability because it’s a hardware issue. In short, the flaw isn’t a big enough concern for the Cupertino giant. He says Apple likely found the exploit too complex.
Cybersecurity consultant Adam Pilton believes that Apple is making a mistake by refusing to patch the breach. He says that "cybercriminals will carefully analyze this information to identify a vulnerability or backdoor that would allow them to conduct their criminal activities." The expert says he is "convinced that nation states will take particular interest in this discovery and will find a way to exploit this information to the detriment of Apple and its customers." That’s why he believes that “acting now, rather than later, could save iPhone users a lot of trouble in the future.”
Source: SiliconAngle
0 Comments