AMITIAE - Thursday 23 June 2016

Cassandra: Headphone Security - Different Approaches Taken by iOS and Android

apple and chopsticks


By Graham K. Rogers


There has been much written about the possibility that Apple will replace the standard 3.5mm headphone jack on the next generation of iPhones and reply on the Lightning Port, with an option for a Lightning to Headphone jack for those who want it.

Not that I want to debate the merits of these output methods, but I hope that the Lightning port option is what Apple decides on, from the points of quality, a reduction in internal components (hence more space for battery) and the point that the technology is rather long in the tooth. I am well aware that others will disagree with these points. So be it.

Ports on iPhone

While looking at a number of articles on the relative merits of the ports and connectors, I found some research (Alex Gould) that examined a problem with an Android device that was being used with a set of Apple earbuds that had a faulty cable (Page 4). Unsurprisingly this was found to have caused erratic behavior in the iPhone and could have interrupted sound delivery if it were used with an iPhone.

An investigation found that such a faulty cable caused erroneous input. Such variations could be used to hijack an Android device. The two systems handle input through the standard headphone jack in different ways.

Gould reports that iOS devices only react to a single change in voltage: when the button on the headphones is pressed. This button is situated in the cable to the right earbud. Again, were the cable frayed, this could cause either an interruption to the sound output, or turn the delivery on and off intermittently.

iPhone earbuds
Control button in right earbud cable

There is a major difference in the way Android devices handle inputs, with different resistance levels . . .

Resistance levels

. . . and Gould suggests that a frayed cable could have triggered an undocumented keycode. He also notes that certain of the values differ from device to device. This opens the possibility that such an ability to perform actions has considerable potential that could lead to external attacks without normal safeguards, although any attacks could only be carried out (at this stage) if the device were physically compromised, such as if the phone were stolen.

Full details of his tests and the extended potential for security risks are in his paper, AudioJacked - Theft of Money and Information Through a Phone's Audio Port.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. He is now continuing that in the Bangkok Post supplement, Life.



Made on Mac

For further information, e-mail to

Back to eXtensions
Back to Home Page

All content copyright © G. K. Rogers 2016