TRENDING

Beware of Your USB-C Cable: A Study Reveals That It’s Become Hackers’ New Favorite Weapon

  • Apple was forced to adopt the USB-C port for its iPhones, but it now faces a new problem.

  • A vulnerability in the driver of these ports allows the firmware to be extracted.

  • Although exploiting this problem isn’t currently straightforward, it certainly poses a potential threat.

USB-C cable
No comments Twitter Flipboard E-mail
javier-pastor

Javier Pastor

Senior Writer

Computer scientist turned tech journalist. I've written about almost everything related to technology, but I specialize in hardware, operating systems and cryptocurrencies. I like writing about tech so much that I do it both for Xataka and Incognitosis, my personal blog. LinkedIn

Cybersecurity researcher Thomas Roth recently revealed several vulnerabilities in Apple’s USB-C driver for the iPhone 15 and iPhone 16. Due to the complexity of the exploit, there are no immediate concerns, but the threat remains.

A universal USB-C port. In 2021, the European Union mandated that the USB-C port be the only charging option for mobile devices. The regulation was enacted in 2022, requiring all devices to use USB-C by the end of 2024. While Apple was initially hesitant, the company adopted the standard earlier than expected, implementing USB-C in the iPhone 15 models released in September 2023.

USB-C

USB-C, we have a problem. According to TechSpot, Roth has disclosed multiple vulnerabilities in the USB-C port driver. He presented his findings at the Chaos Communication Congress in Hamburg in December. There, he demonstrated it was possible to dump the firmware–essentially extracting it to create an external copy. This kind of process shouldn’t be feasible through this port.

The USB-C Standard Aimed to Address Cable Clutter. The Situation Is Worse Than Ever
More from Xataka On
The USB-C Standard Aimed to Address Cable Clutter. The Situation Is Worse Than Ever

No need to panic. Experts say no vulnerabilities have been exploited for now. However, Roth’s study indicates that accessing a USB-C’s driver firmware to execute code is technically possible. As such, the port could provide hackers with a means to attack the most recent iPhones.

Apple’s response. This type of vulnerability presents malicious actors with the opportunity to analyze the extracted firmware code. Hackers may also be able to identify vulnerabilities and develop exploits to take advantage of them. According to TechSpot, however, Apple hasn’t taken action regarding this matter because it considers the methods employed by Roth to be too complex.

More than just mere cables. USB-C cables conceal more than meets the eye. Recent CT scans performed by Lumafield revealed that some cables contain hidden components, such as microcontrollers or wireless antennas. These advanced electronics can turn USB-C cables into perfect tools for cyberattacks. As such, it’d be possible to run malware or keylogging software on connected devices using these components. Attackers could then spy on them and extract various types of data.

Image | Maxence Pira

Related | We Thought VPNs Were Unhackable, But It Looks Like Hackers Can Spy on Them While You're Connected

Topics

View 0 comments

Popular Topics
Return to top

Technology

International Editions

Information

Home o Index