USB-C Security Flaw on iPhone: Risk of Malware Accessing Data

The USB-C port found on the Apple iPhone 15 and 16 utilizes a controller chip that has been created by Apple themselves. As reported by Cyber Security News, security experts have successfully infiltrated this proprietary ACE3 chip. Thanks to advanced security measures, the hacking process is said to be significantly harder compared to the earlier ACE2 controller, which is present in devices like MacBooks.

Electromagnetic Signals and Hacking Techniques

By examining electromagnetic signals during the device’s startup, the researchers pinpointed the precise moment when the firmware gets validated. They employed a method known as “electromagnetic fault injection” to load modified firmware onto an iPhone, enabling the controller to boot it while bypassing Apple’s security checks. The specialists highlighted that this presents major risks for iPhone security, as altered firmware could enable jailbreaking or modifications to iOS, potentially allowing malware access to sensitive information or even control specific functions on an iPhone.

Physical Access and Phishing Threats

Nonetheless, it’s important to note that attackers need to have physical access to an iPhone to execute such an attack, which suggests that this security issue will likely not affect most users. Meanwhile, BleepingComputer has shed light on new phishing schemes designed to circumvent one of iMessage’s security protocols. Although Apple automatically disables links in messages from unrecognized contacts, these links become active when the recipient replies. Cybercriminals are taking advantage of this feature by convincing their targets to respond to messages. For example, attackers may try to persuade potential victims that they can stop further messages by sending “STOP.” Once a response is given, the criminals can freely distribute phishing links through iMessage. Just like with emails, it is wise to avoid clicking on links from unverified sources.

Source:
Link

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *