Apple iPhone: Security flaw in USB-C port could let malware access sensitive data

The USB-C controller in the iPhone 15 and 16 has a security loophole. (Image source: Samuel Angor)

Researchers have successfully exploited a security flaw in the USB-C port on the Apple iPhone 15 and 16 to run modified firmware on the USB controller. Meanwhile, new phishing attacks are spreading through iMessage by sidestepping Apple's security measures.

Hannes Brecher (translated by Zhiwei Zhuang), Published 01/14/2025 🇩🇪 🇫🇷 ...

The USB-C port on the Apple iPhone 15 and 16 is handled by a controller chip developed by Apple. According to Cyber Security News, security researchers have managed to hack this proprietary chip, named ACE3. Due to security enhancements, the hacking process is reportedly much more challenging than on the previous ACE2 controller, found in devices such as MacBooks.

By analysing electromagnetic signals during the bootup process, the researchers were able to determine the exact moment when the firmware is validated. Using a technique called “electromagnetic fault injection”, modified firmware can be loaded onto an iPhone and booted by the controller after bypassing Apple’s validation. The experts said this carries serious implications for the security of iPhones because a piece of modified firmware could perform a jailbreak or even make changes to iOS, theoretically allowing malware to gain access to sensitive data or hijack individual functions on an iPhone.

However, malicious individuals must have physical access to an iPhone in order to carry out such an attack, meaning this security flaw shouldn’t become a problem for most users. In the meantime, BleepingComputer has reported on new phishing attacks aimed at bypassing one of iMessage’s security features. Even though Apple automatically disables links in messages from those not in contacts, the links will be enabled as soon as the recipient replies. Threat actors are exploiting this behaviour by tricking their targets into responding to messages. For instance, attackers might try to convince potential victims that they can prevent further messages by sending the word “STOP”. Once a reply is received, would-be criminals are free to send phishing links via iMessage. As with e-mails, it is not advisable to open any links from sources you don’t trust.

Source(s)

Cyber Security News | BleepingComputer | Samuel Angor (teaser image)

Security exploit in Subaru automobile software allows hackers full access to vehicles 01/24/2025

Major public school student information system hacked, compromising data of millions of students 01/22/2025

The new iPhone SE is believed to be Apple's next iPhone release. (Image source: Sonny Dickson)

iPhone 16e: New leak points to smaller than expected dimensions for next iPhone SE release 01/22/2025

Dummy units of the next iPhone SE show a new design for the series. (Image source: Sonny Dickson)

iPhone SE 4: Rumoured iPhone 16e pictured with Dynamic Island in new leak 01/21/2025

The MacBook Air is set to get an OLED panel in 2029. (Image source: Notebookcheck)

Rumor: Apple MacBook Air with OLED display postponed in favor of model with better LCD 01/20/2025

The next-generation Apple iPhone SE is unlikely to differ optically from the iPhone 14. (Image source: AppleTrack)

Apple iPhone 14 vs. iPhone SE 4 or iPhone 16e: Photos show marginal differences 01/20/2025

Apple has paused AI notification summaries

Apple pulls AI news summaries after inaccuracies reach tipping point 01/17/2025

The next budget iPhone will likely launch in more colours than the two shown. (Image source: Sonny Dickson - edited)

Apple iPhone 16e pictured as iPhone SE spiritual successor before early 2025 launch 01/16/2025

Apple will introduce a lot of new things in 2025, as Bloomberg analyst Mark Gurman sums up. (Image source: @theapplehub, edited)

Apple's roadmap for 2025: Bloomberg analyst names Apple Watch SE redesign, iPhone Air, M4 Mac Studio and more 01/13/2025

Digital Chat Station, a very prominent leaker in China, has confirmed the camera specs of the Apple iPhone 17 Pro. (Image source: Technizo Concept)

Apple iPhone 17 Pro: Leaker confirms new (and old) camera specs 01/13/2025

The upcoming iPad 11 might sport an A17 Pro SoC. (Image source: Apple)

Budget-oriented Apple iPad 11 might feature powerful A17 Pro SoC to afford AI wizardry 01/12/2025

The upcoming iPhone 17 Air will likely be Apple's thinnest smartphone ever. (Image source: 4RMD via YouTube)

Apple iPhone 17 Air once again rumored to be shockingly thin by prominent analyst 01/11/2025

The iPhone SE 4 is intended to be one of the affordable options in the iPhone 16 series. (Image source: Jacob on Unsplash)

Apple iPhone SE 4 aka iPhone 16e and iPad 11 rumored to be launching in January 01/08/2025

Owners of an older iPhone like the iPhone 6 should update to iOS 12.5.5 as soon as possible (Image: Apple)

Apple releases iOS 12.5.5 update with important security fixes for older iPhones and iPads 09/24/2021

Loading Comments

Comment on this article

Crypto bank Sygnum now valued at $1...

Motorola's new Moto G smartphone ar...

Editor of the original article: Hannes Brecher - Senior Tech Writer - 18300 articles published on Notebookcheck since 2018

Since 2009 I have written for different publications with a focus on consumer electronics. I joined the Notebookcheck news team in 2018 and have combined my many years of experience with laptops and smartphones with my lifelong passion for technology to create informative content for our readers about new developments in this sphere. In addition, my design background as an art director at an ad agency has allowed me to have deeper insights into the peculiarities of this industry.

contact me via: @HannesBrecher, LinkedIn, Xing

Translator: Zhiwei Zhuang - Translator - 426 articles published on Notebookcheck since 2022

After graduating with a bachelor’s degree in environmental engineering, I moved from Singapore to Cologne in 2014 and began pursuing a career as a freelance translator. Much of my translation work focuses on science, engineering and technology. My fascination with computers and mobile electronics began when I was young. And I have fond memories reading countless tech and gaming magazines. Working with Notebookcheck gives me the opportunity to incorporate my personal interests into my professional work.

Please share our article, every link counts!