Naked Security

News flash: hacker turns Apple’s Lightning connector into a jailbreak conductor

A French hacker says he'll soon be making modified Lightning connector cables that will give Apple iOS jailbreakers a better view inside their iDevices.

The only external data port for connecting into recent Apple iPhones and iPads is the so-called Lightning connector.

This connector has one neat feature, namely that you can plug it in either way round, and two annoying ones.

The first downside is that it's so tiny (and the casing so slippery-smooth and rounded) that it's difficult to unplug without resorting to yanking on the cable.

At $30 for a new cable, hurting the connections inside it could quickly prove expensive.

Oh, that, and the problem that it’s proprietary, and a trade secret, and its functionality is apparently obfuscated by special chips inside both the cable and your iDevice.

To Android hackers, that’s almost inconceivable.

They just buy one of Google’s unlocked Nexus devices, connect to it with a vanilla USB cable, and ask nicely for a root shell using the Android Debug Bridge.

Playing by Apple’s rules

But Apple has always spent a lot of effort to lock down its iDevices so that you can’t adapt them to your own wants and needs: it’s Apple’s way, or not the information superhighway.

To be fair, the locked-down, walled-garden ecosystem for iPhones, iPods and iPads has resulted in them being more secure than Androids – or at least much less at risk from hackers, crackers and cybercrooks.

Of course, Apple’s motivation for the degree of control it has exerted over iOS is, at heart, all about control.

Nevertheless, malware attacks, for example, are almost unknown on iDevices.

But that doesn’t stop a hard core of Apple enthusiasts from wanting to liberate their iPhones from Apple’s overlordship.

Setting your iPhone free is known by the metaphor jailbreaking, and although it exposes you to security risks that you now have to manage yourself, it may, paradoxically, help you to close security holes sooner, if they're known but not yet patched by Apple.

Ironically, because Apple deliberately locks down your iPhone to try to stop you jailbreaking it, you need to find a backdoor or security hole to gain entry in the first place.

Why say “No” to jailbreaking?

Naked Security readers tend to think that Apple ought to embrace the jailbreaking community, which is only a small minority of Apple fans, so that both sides could co-operate freely.

After all, as things stand, jailbreakers are loath to let Apple know in advance about security holes they find.

If they do, Apple will immediately rush to close them before they can be used for the lawful purpose (in some jurisdictions; check with a lawyer in yours) of getting into your own device.

And if you’ve bought it outright, it is your device: why shouldn’t you run OpenBSD on it if you want? Or Linux? Or your very own homebrew port of Android?

Listen to our discussion about Apple updates and the pros and cons of jailbreaking in Sophos Security Chet Chat #183. [Apple content starts at 0’30”, with jailbreak commentary from 2’34” to 3’53”.]


Nevertheless, Apple doesn’t want to play that game, so jailbreakers have to make their own running.

And a hacker going by @key2fr has done just that with the aforementioned Lightning connector.

The details are not for the faint-hearted, not least because @key2fr had to desolder one of the chips from his own iPhone.

The important chip is approximately 2.5mm x 2.5mm (for our American readers, that is an area less than one-hundredth of a square inch), and has 36 ball-shaped connectors in a 6×6 grid hidden on its underside.

Kernel debugging, anyone?

Anyway, long story short, @key2fr has been able to rig up a special version of the Lightning cable that will get you a lot closer to the heart of your iDevice.

He hasn’t actually worked out a jailbreak yet, but for those interested in learning more about the innards of iOS, he has taken a big step forward.

Without joining Apple's Made For iDevice programme – which imposes royalty payments that are secret until you apply and accept an NDA – he was able to get a serial console to show the iOS boot process itself.

"Since a lot of people have been asking me how they could make their own cable," he said on Twitter, "I'll make a first batch […] next week."

If you’re a jailbreaker, you might want to keep your eye on availability!

NB. Whatever we may think of jailbreaking your own device, we recommend a default corporate policy of blocking jailbroken iDevices from your organisation’s network. That’s why Sophos Mobile Control makes it easy to do just that. If you have a jailbroken iPhone and your IT department says, “Sorry, not allowed,” please support their choice. It really does mean one less thing for them to worry about!
