If you have an iPhone, you’re likely running iOS 26. But be warned. There’s a dangerous hidden setting buried in your phone that you must change. Apple doesn’t often make mistakes when it comes to security and privacy. But it has done so here.
We’re talking about Apple’s excellent new defense against malicious accessories plugged into your device. While over-the-air, wireless, remote attacks grab headlines, your phone is as likely to be compromised by a cable as by a Wi-Fi or cellular connection.
This is why both Apple and Google have added time-outs to iPhones and Android phones to return devices to their before-first-unlock (BFU) state to stop forensic software from exfiltrating phone data. And it’s why juice jacking is still newsworthy.
These so-called “Wired Accessories” options can be found in Settings > Privacy & Security > Security. Apple explains that you have the following options:
- “Always Ask: approve every accessory manually, every time.
- Ask for New Accessories: approve new accessories manually the first time they connect.
- Automatically Allow When Unlocked: approve accessories automatically when they connect to your unlocked iPhone or iPad (default setting).
- Always Allow: approve all accessories automatically when they connect.”
As you can see, the default setting is to automatically allow new wired/physical accessories to connect when your iPhone is unlocked. This is dangerous. And so is the worst option of all: to “always allow” connections. Either of the other two is fine: always ask, or ask when connecting any new accessory.
I warned all iPhone users to change this setting when iOS 26 was first released. And more such warnings are now being issued (1, 2). TSA and others say that juice jacking remains a threat, even as the FCC assures otherwise. But irrespective of that, you should be warned before connecting a new accessory to your phone in its unlocked state.
A physical accessory plugged into your iPhone is a risk if it is afforded trusted status just because your phone is unlocked. I’m not sure why Apple set the default as it did. But it’s an easy change to make. You should do that now. It takes just a few seconds.