Apple’s Lightning Connector Reverse Engineered

by Neil Sardesai, February 16, 2015

Since the iPhone 5 was first introduced in 2012, all iOS devices have switched to Apple’s Lightning connector, replacing the older 30-pin dock connector.

Lightning is a proprietary bus, meaning that users aren’t given hardware console access or detailed information about the signals without a special MFi license from Apple. With the better documented and more open 30-pin connector, hackers had access to multiple tools like serial kernel debugging, which was useful for discovering exploits for jailbreaks. But with Lightning, things got a little harder. However, a team of hackers at French blog Ramtin Amin have broken the protocols inside Lightning, meaning that anyone can now get console access.

Reverse Engineering Lightning

The exact details of the process may be daunting and difficult to understand for most readers. This article offers a simplified version.

To break Lightning’s security protocols, Ramtin Amin first had to thoroughly research and understand Lightning. The first step was to read through various Lightning patents and leaked documents. Ramtin also needed a special type of serial connector along with other related hardware. After disassembling the firmware and reading the output through a logic analyzer, Ramtin figured out part of the protocol and, after more research, the schematics for how the Tristar chip in Lightning products is wired. Getting through this chip was the key to obtaining serial console access. You can see Ramtin’s proof of concept in this video:

Implications for iDevice Users

For end users, this really doesn’t mean much, at least in the short term. Ramtin hasn’t discovered anything that isn’t already available to MFi-certified vendors. This is not a security issue since it does not compromise iOS’s code signing that prevents unauthorized code from executing. This is also not like Thunderstrike, where a rogue Thunderbolt device could flash its own code to a Mac’s boot ROM. All this means is that hackers now have better debugging tools, which could make discovering future exploits for jailbreaks easier. This may be a bit worrisome for Apple, since hiding these tools from non-MFi developers meant somewhat better security. But security through obscurity has never really been a great strategy anyway.

Images from Shutterstock and Ramtin Amin.
