Security vulnerability discovered in iPhone USB-C port

• Discovery:
  Security researcher Thomas Roth has demonstrated how the USB-C controller (ACE3) used by Apple since the iPhone 15 (from 2023) can be compromised.
• Approach:
  Roth used technically sophisticated methods such as reverse engineering, RF side-channel analysis, and electromagnetic fault injection to bypass the controller’s validation checks and even load modified code into the CPU.
• Complexity & risk:
  According to Apple, the attack is so complex that it is considered practically non-threatening and is therefore not currently classified as a serious danger.
• Timeline:
  Roth first presented his findings in June of last year at the Offensive Security Conference and later in December at the Chaos Communication Congress. The presentation is also available on YouTube.

Source: https://www.macwelt.de/article/2575981/sicherheitslucke-usb-c-iphone.html

Recommended protective measures:

1. Avoid physical access

• Do not leave your iPhone unattended in public places.
• Do not connect unknown devices or cables in hotels, offices, or at conferences.

2. Only use trusted chargers and cables

• Use Apple-certified (MFi) cables and chargers.
• Do not use “free charging stations” at airports or public places (risk of “juice jacking”).

3. Enable USB accessory lock

• In Settings → Face ID & Passcode, leave the USB Accessories option disabled.
• This prevents the Lightning/USB-C port from transferring data when the device has been locked for more than 1 hour.

4. Regular iOS updates

• Updates often silently include security patches, even for hardware controllers.
• It is best to enable automatic updates.