USB devices on the iPhone: Apple improves security function
Until now, external USB devices have been able to access iPhone content as soon as the device is unlocked. With iOS 26, this can be fine-tuned.
iOS 26 and USB-C cable: usage lock on request as with the Mac.
(Image: Apple)
If USB devices are connected to an iPhone or iPad, they can be used for all kinds of attacks: from access to certain data (including simplified jailbreak attempts) to device takeover via keyboard emulation—at least potentially—a lot is possible. For this reason, users must always unlock their iOS and iPadOS device before a connection can be established. This is intended to prevent attacks via manipulated chargers (“juice jacking”) – because, when locked, only power flows but no data. The problem: users unlock their devices quickly, which gives manipulated USB devices the opportunity to become active immediately. Apple has therefore tightened up iOS 26 and iPadOS 26: in the future, there will be significantly better approaches against USB attacks.
Inspiration from the Mac
Apple takes its cue from—finally—on the Mac. There, the system explicitly asks whether a new device should be granted access or not—after unlocking the system. In the future, it will also be standard for iPhones and iPads that a USB device—be it a dock or a hub, an intelligent (and therefore possibly misused by attackers) cable, or an SSD—will only be granted device access after clicking on "Allow." It is therefore no longer sufficient to unlock the device biometrically, which is sometimes done hundreds of times a day.
Videos by heise
The iPhone manufacturer has also integrated new settings that can be used to specify how USB devices connected to the iPhone or iPad should be handled in general. The options are broad: you can always allow them (even without unlocking), which is not advisable; always force a request (the safest option, usually without a major loss of convenience); only ask for new devices (as known from the Mac); or, as before, grant immediate access when unlocking the device.
Pausing for a moment helps
With the new options, it will be impossible to involuntarily grant access to USB devices simply by unlocking the iPhone or iPad. However, you should remain careful even then. If the system asks whether a connection should be allowed, you must always pause briefly. It is also important to know that charging processes themselves do not need to be authorized; these also run automatically in the locked state. Accordingly, data sharing should not be confused with charging sharing.
If you want to physically protect yourself from USB devices, you can also buy a hardware solution: The Nitrokey data blocker for USB-C, available from the heise store among others, only ever allows power through—and never data.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(bsc)
