Apple’s Lightning Cable Teardown Reveals TI Chip Which Has “Modest” Security

BY Rounak Jain

Published 17 Oct 2012

With the iPhone 5, Apple switched to a new “Lightning” connector standard, which replaced the outdated 30-pin dock connector found in the millions of iOS devices and iPods sold until now. Although this annoyed a number of people who owned a lot of 30-pin accessories, the move was unavoidable given Apple’s obsession with thinness and the 30-pin connector’s outdated specification.

The new connector has 8 metal pins with the surrounding metal support serving as the ground. The connector has an adaptive interface, allowing accessories to negotiate with the device, which dynamically assigns required pins for communication. Due to the adaptive interface, the Lightning connector, unlike the usual “dumb” cables, requires some amount of smartness, which is why both sides (the device dock and the accessory) need to have embedded chips.

These embedded chips also raised concerns over the possibility of Apple implementing authentication protocols to prevent unlicensed cables and accessories from interfacing with iOS devices.

ChipWorks took a look at the internals of the Lightning cable and found that it has four embedded chips, including one from Texas Instruments (TI) named “BQ2025.” Datasheets for this chip aren’t publicly available, but TI does have datasheets for closely related chips:

TI does have published datasheets on the BQ2022, BQ2023, BQ2024, and BQ2026. These four chips are cataloged on TI’s website as battery fuel gauges, but they are not identical, with three of them being serial EPROMs and one of them being a battery monitor IC.

However, all four do have some common characteristics. All use a single wire SDQ interface (TI’s proprietary serial communications protocol), and all have some basic security features such as CRC generation. So, it is certainly likely that the BQ2025 does have some security implemented on it. It would also seem likely that it includes an SDQ interface.

Cyclic Redundancy Check (CRC) is an error detection technique which adds a few redundant bits to data being transferred, so that its integrity can be verified once it reaches its destination.
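The following added example (not from ChipWorks, TI or the original article) shows what a CRC does and does not provide: it catches accidental bit errors on the wire, but because it uses no secret, a receiver that only checks the CRC learns nothing about who produced the data. The polynomial (x^8 + x^5 + x^4 + 1, a common CRC-8 for single-wire memories) and the payload bytes are assumptions chosen for illustration; the article does not say which CRC the BQ2025 uses.

```python
# Added illustration: CRC-8 with polynomial x^8 + x^5 + x^4 + 1.
# Assumption: polynomial and payloads are chosen for the demo only; the
# article does not state which CRC the BQ2025 implements.

POLY_REFLECTED = 0x8C  # bit-reversed form of 0x31, processed LSB first


def crc8(data: bytes) -> int:
    """Bitwise CRC-8, LSB first, initial value 0, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY_REFLECTED if crc & 1 else crc >> 1
    return crc


def make_frame(payload: bytes) -> bytes:
    """Sender side: append the CRC byte to the payload."""
    return payload + bytes([crc8(payload)])


def verify(frame: bytes) -> bool:
    """Receiver side: recompute the CRC and compare it with the trailer."""
    return len(frame) >= 2 and crc8(frame[:-1]) == frame[-1]


def undetected_single_bit_errors(frame: bytes) -> int:
    """Flip every bit of the frame in turn; count flips the CRC misses."""
    missed = 0
    for bit in range(len(frame) * 8):
        damaged = bytearray(frame)
        damaged[bit // 8] ^= 1 << (bit % 8)
        if verify(bytes(damaged)):
            missed += 1
    return missed


SAMPLE_PAYLOAD = b"ACCESSORY-ID-01"  # constructed sample data
OTHER_PAYLOAD = b"ACCESSORY-ID-99"   # constructed, different content

if __name__ == "__main__":
    frame = make_frame(SAMPLE_PAYLOAD)
    print("frame:", frame.hex(), "valid:", verify(frame))
    print("single-bit errors missed:", undetected_single_bit_errors(frame))
    # No key is involved, so any sender can produce a frame that verifies.
    print("different payload verifies:", verify(make_frame(OTHER_PAYLOAD)))
```

Every single-bit error is caught, yet a frame built over entirely different content verifies just as well, which is why a CRC counts as integrity checking against noise rather than authentication.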

The folks at ChipWorks further talk about the security implemented by the chip:

It is actually very interesting that we may have found a chip with (likely) some modest security in this cable. In this case not only related to securing their revenue stream for cables or ensuring reliable and high quality (licensed) peripherals, but in delivering useful product features that are not necessarily in the consumer’s top of mind.

[…]

Previously, we have analyzed security devices regarding medical printer media (armbands), printer cartridges, flash drive memory, batteries, and smart cards, but this is the first secure cable we have seen. The security does not come close to the herculean approaches that are used in (for example) today’s printer cartridges, but resembles the level of effort that cartridge manufacturers used to implement in the olden days. In other words, at this time the security is “just enough.” With future generations of Apple and non-Apple products, we may begin to see even stronger security and control if the market forces merit it.

The claims of modest security being baked into these cables explain how quickly the authentication in these chips was broken by third-party accessory makers.