iPhone USB-C is hackable, but users don’t need to worry yet

TL;DR: The inclusion of USB-C support on the latest iPhones streamlines cable usage for users, but it also raises concerns about potential security vulnerabilities. While no hacking incidents have targeted the device’s USB-C controller yet, research indicates that accessing the firmware and running code is technically possible.

Security researcher Thomas Roth uncovered vulnerabilities in Apple’s ACE3 USB-C controller for iPhone 15 and 16 models. Although no immediate action is necessary for users, these vulnerabilities do not affect Android devices. Roth’s discoveries highlight the potential for future attack methods to be developed.

During the 38th Chaos Communication Congress in Hamburg, Roth showcased advanced techniques like side-channel analysis and electromagnetic fault injection on Apple’s USB-C controller, successfully extracting the firmware.

While simply extracting the firmware does not immediately pose a threat, it does provide malicious actors with an opportunity to analyze the code, identify vulnerabilities, and potentially create malware to exploit them. Apple has chosen not to act at this time due to the complexity of Roth’s methods. However, if attackers use the dumped firmware to discover security flaws, Apple may need to respond.

One possible response could involve revising the hardware in upcoming iPhone models. Any issues that arise would likely impact iPhones expected in the next few years, including the rumored iPhone SE 4 and the iPhone 17 lineup. More significant hardware changes, like the rumored foldable iPhone, could incorporate enhanced security measures to address these risks.

Apple added USB-C support to iPhones to comply with recent European regulations mandating the use of USB-C charging ports on all mobile devices. While standardization benefits consumers by eliminating the need for proprietary cables, it also introduces new security challenges for Apple to address.

New X-ray scanning methods have revealed hidden hardware components in USB-C cables. Cables from untrustworthy manufacturers could be used for distributing malware or stealing data, posing a threat that may require specialized tools for detection. The exposure of Apple’s USB-C controller firmware could potentially facilitate similar attacks in the future.

Despite the risks, there are positive outcomes from dumping the firmware. Independent repair specialists have utilized Roth’s research to enhance their ability to diagnose and repair Macs.

Apple and other tech companies have faced criticism for impeding user or third-party repair efforts, often requiring high fees for authorized service. Roth’s findings could help promote increased repairability and transparency in the industry.