Your phone is at risk – make this change now.
Table of Contents
Apple does not make mistakes often – but it has done so now. If you have an iPhone 17, 16 or 15, then there’s a hidden setting you must change. It has been set to a hazardous default, and leaves your phone open to attack. It takes seconds to fix – do that now.
The warning stems from the iOS 26 update in September.This introduced much needed protection against the risk of data being secretly extracted from an iPhone through a malicious charging cable or accessory. But it has been set up badly.
after you first unlock your iPhone after it’s reset or switched on, it can be connected to a USB accessory or computer.Before it’s unlocked that first time it won’t connect. that’s why Apple added a controversial 72 hour time-out, returning untouched phones to their before first unlock (BFU) state to prevent forensic software extractions.
With iOS 26, Apple went further. Adding USB Restricted Mode, which is designed to prevent unauthorized access to your iPhone when it’s locked and connected to a USB port. though, the default setting allows this access after 72 hours of being locked.
This means that after three days of not unlocking your iPhone, it will allow a computer or accessory to connect and potentially access your data, even while it’s locked. This is a significant security risk.
How to fix it:
Go to Settings > Face ID & Passcode (or Touch ID & Passcode).scroll down to the USB Accessories section and toggle USB Accessories to OFF.
This will prevent your iPhone from allowing any USB connection after 72 hours, forcing you to unlock your phone before a connection can be established. While inconvenient, it’s a small price to pay for significantly increased security.
Updated on Nov. 30 with confirmation of an ongoing iPhone vulnerability.
iPhone Security bug Traps Users in Accessory Settings, Requiring Factory Reset
update as of November 30, 2023: A persistent bug in iOS continues to affect some iPhone users, locking them out of managing USB accessory settings and potentially forcing them into unwanted automatic connection behaviors. While initially reported in September 2023, the issue remains unresolved as of late November, and the only known permanent fix is a full device reset and restore from backup.
The Problem: Locked Accessory Settings
The bug prevents users from changing settings related to USB accessories, specifically the “Allow USB Accessories” toggle found in Settings > Privacy & Security > USB Accessories. Affected users report that all options within this menu are disabled, preventing them from choosing between “Never Allow,” “Ask Every Time,” “Automatically Allow When Unlocked,” or “Always Allow.” Being stuck on “Always Allow” is notably concerning, as it automatically connects the iPhone to any computer it’s plugged into, potentially exposing the device to security risks.
The issue does not appear to be related to organizational profiles or Mobile device Management (MDM) configurations, indicating it’s a broader software flaw. A reader of Forbes highlighted the ongoing problem with a screenshot demonstrating the disabled settings.
Potential Workarounds and the Current Solution
Some users have suggested that enabling Apple’s Lockdown Mode might temporarily unlock the settings, but this has not been consistently replicated. Lockdown Mode is an extreme, optional security setting designed for individuals facing targeted cyberattacks, and is not a practical solution for most users.
Currently, the only confirmed solution is to wholly reset the iPhone to factory settings and restore it from a backup.As noted by Forbes, this is a drastic measure, and for many users, the inconvenience and potential data loss outweigh the risks of the bug.
Understanding Apple’s USB Accessory Protection
Apple introduced the USB accessory protection feature to safeguard against “juice jacking” and other malicious attacks that can occur when connecting to untrusted USB power sources or computers. This protection, while valuable, has a default setting that some users may find overly restrictive. The default setting is to “Ask Every Time” a USB accessory is connected.
What Users Can Do
* Exercise Caution: If you are affected by this bug, be extremely careful when connecting to wired accessories, especially public charging stations or unfamiliar computers.
* Monitor iOS Updates: Check for updates to iOS regularly, as Apple may release a fix in a future software release.
* Consider a Reset (Last Resort): If the bug is causing significant concern, and you have a recent backup, a factory reset and restore may be necessary.
Sources:
* Doffman, Zak. “Feds Warn iPhone And Android Users-Stop Using Your VPN.” forbes, November 29, 2023.https://www.forbes.com/sites/zakdoffman/2023/11/29/feds-warn-iphone-and-android-users-stop-using-your-vpn/?sh=4999999f699a
* usenix Security Symposium.”A Security Evaluation of Apple’s Lockdown Mode.” https://tugraz.elsevierpure.com/ws/portalfiles/portal/89650227/Final_Paper_Usenix.pdf