If USB devices are connected to an iPhone or an iPad, these can use all sorts of attack surfaces: from access to certain data (including simplified jailbreak tests) to the takeover of the device via a keyboard mul, at least potentially-is possible. For this reason, users must always unlock their iOS and iPados device before a connection is allowed. For example, attacks on manipulated chargers (“Juice Jacking”) are to be avoided – because only electricity flows in the blocked state, but no data. The problem: Users quickly unlock their devices, which gives manipulated USB devices the opportunity to become active immediately. In iOS 26 and iPados 26, Apple has now subsequently sharpened: in the future there will be significantly better approaches to USB attacks.
Inspiration at Mac
Apple is based – finally – on the Mac. There, the system explicitly asks whether a new device should receive access or not – after unlocking the system. In the future, the standard will also be with iPhone and iPad that a USB device-be it a dock or a hub, an intelligent (and therefore possibly abused) cables or an SSD-only gets device access after clicking on “allow”. So it is no longer enough to unlock the device biometrically, which sometimes takes place every day hundreds of times.
The iPhone manufacturer has also integrated new settings that can be used to determine how generally with USB devices that are connected to iPhone or iPad. The possibilities are wide: So you can always allow them (even without unlocking), which is not advisable, always force demand (the safest variant usually without great comfort), only ask for new devices (as you know it from the MAC) or, as before, to give immediate access when unlocking the device.
Pause for a short time
With the new possibilities, it becomes impossible to involuntarily access USB devices only by unlocking iPhone or iPad. However, you should also remain careful: if the system asks whether a connection should be allowed, you always have to stop briefly. It is also important to know that charging processes themselves do not have to be released – these run automatically when the condition is blocked. Accordingly, you should not confuse a data release with a load free.
If you want to physically protect yourself from USB devices, you can also buy a hardware solution: among other things Nitrokey data blockers available for USB-C in Heise Shop Always only lets electricity – and never data.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.