Your phone is at risk — make this change now.
SOPA Images/LightRocket via Getty Images
Updated on Nov. 30 with confirmation of an ongoing iPhone vulnerability.
Apple does not make mistakes often — but it has done so now. If you have an iPhone 17, 16 or 15, then there’s a hidden setting you must change. It has been set to a dangerous default, and leaves your phone open to attack. It takes seconds to fix — do that now.
The warning stems from the iOS 26 update in September. This introduced much needed protection against the risk of data being secretly extracted from an iPhone through a malicious charging cable or accessory. But it has been set up badly.
ForbesGoogle’s Play Store Update—Delete All These Spyware Apps NowBy Zak Doffman
After you first unlock your iPhone after it’s reset or switched on, it can be connected to a USB accessory or computer. Before it’s unlocked that first time it won’t connect. That’s why Apple added a controversial 72 hour time-out, returning untouched phones to their before first unlock (BFU) state to prevent forensic software extractions.
With iOS 26, Apple went further. Adding additional defenses for iPhones with USB-C ports, enabling users to prevent a rogue cable connection stealing data or worse. This affects iPhone 15s and newer, after the company moved away from Lightning ports.
Wired accessory protection
iOS 26 / @UKZak
Apple offers options to “always ask” whether you want a connection to be to ask for “new accessories.” That should be the default, “ask for new accessories.” But it’s not. Apple has set the default to “automatically allow when unlocked.” That means that once a phone is unlocked it will connect to any USB-C accessory that’s plugged in.
Changing the setting is easy. Go to Settings > Privacy & Security > Wired Accessories, and then select either “Always Ask” or “Ask for New Accessories.”
A critical reminder as to why this is critical has just been posted on X. “WhatsApp end-to-end encryption Vs forensic extraction” points out the exposure of data on your phone once the phone is unlocked, the data decrypted, and then the contect exfiltrated.
“Although WhatsApp uses end-to-end encryption to protect messages, calls, and shared media during transmission, this protection only applies while the data is moving between devices. Once the content reaches the device, it is stored unencrypted within WhatsApp’s local databases and media folders.”
As I’ve warned many times now, end-to-end encryption only protects against man-in-the middle attacks intercepting content on a network (as in Salt Typhoon) or server-side attacks, which is why Telegram is less secure than WhatsApp, iMessage or Signal. It does not protect against an endpoint (your phone) being compromised.
One word of caution. As I’ve reported before, an Apple bug still prevents some users from updating the Wired Accessories settings on their iPhones. This has been an issue ever since the update was released in September, and while Apple Support has told users this will be addressed in a forthcoming iOS update, there’s no fix as yet.
This is not the same as for older iPhones with Lightning connectors. Those devices will not be offered the new protections, and will instead just have the Always Allow and Allow When Unlocked options, neither of which is recommended.
Broken settings (Nov. 30)
Apple
The bug disables all the options and prevents any changes being made. Unfortunately, it means your device will be stuck on either Automatically Allow When Unlocked or — even worse — Always Allow. I had assumed this would have been fixed by now, but at the time of writing on Nov, 30, that’s still not the case. The above screenshot was sent to me by a Forbes reader to highlight the ongoing issue.
The affected iPhone is not running any organizational profiles or MDM. This is a known feature of the bug, as was being reported by users in September. Some users suggest enabling Apple’s Lockdown Mode will unlock the settings, albeit it remains unclear whether that’s a replicable solution or not.
ForbesFeds Warn iPhone And Android Users—Stop Using Your VPNBy Zak Doffman
The only known resolution is to fully reset your device and restore if from a backup. While wired accessories is a dangerous setting, for most users it will not be worth this drastic remedy. If you’re affected, just be careful with wired accessories and check after each iOS update. Apple’s new protection is excellent — its default setting is not.
Make the change today (if you can).