Apple’s Lightning Connector Reverse Engineered
Lightning is a proprietary bus, meaning that users aren’t given hardware console access or detailed information about its signals without a special MFi license from Apple. With the better-documented and more open 30-pin connector, hackers had access to tools such as serial kernel debugging, which was useful for discovering exploits for jailbreaks. With Lightning, things got a little harder. However, a team of hackers at the French blog Ramtin Amin have broken the protocols inside Lightning, meaning that anyone can now get console access.
Reverse Engineering Lightning
The exact details of the process may be daunting and difficult to understand for most readers. This article offers a simplified version.
To break Lightning’s security protocols, Ramtin Amin first had to thoroughly research and understand Lightning. The first step was to read through various Lightning patents and leaked documents. Ramtin also needed a special type of serial connector along with other related hardware. After disassembling the firmware and reading the output through a logic analyzer, Ramtin figured out part of the protocol and, after more research, worked out schematics for how the Tristar chip in Lightning products was wired. Getting through this chip was the key to obtaining serial console access. You can see Ramtin’s proof of concept in this video:
Implications for iDevice Users
For end users, this really doesn’t mean much, at least in the short term. Ramtin hasn’t discovered anything that isn’t already available to MFi-certified vendors. This is not a security issue since it does not compromise iOS’s code signing that prevents unauthorized code from executing. This is also not like Thunderstrike, where a rogue Thunderbolt device could flash its own code to a Mac’s boot ROM. All this means is that hackers now have better debugging tools, which could make discovering future exploits for jailbreaks easier. This may be a bit worrisome for Apple, since hiding these tools from non-MFi developers meant somewhat better security. But security through obscurity has never really been a great strategy anyway.
Images from Shutterstock and Ramtin Amin.