Change this setting today.
NurPhoto via Getty Images
Updated, Oct. 23 with more detail on this serious security flaw with iOS 26.
If you have an iPhone, you’re likely running iOS 26. But be warned. There’s a dangerous hidden setting buried in your phone that you must change. Apple doesn’t often make mistakes when it comes to security and privacy. But it has done so here. Apple Support is reportedly warning users about the issue, but there is no public information yet.
We’re talking Apple’s excellent new defense against malicious accessories plugged into your device. While over-the-air, wireless, remote attacks grab headlines, your phone is as likely to be compromised by a cable as a WiFi or cellular connection.
This is why both Apple and Google have added time-outs to iPhone and Android phones to return devices to their before first unlock (BFU) state to stop forensic software from exfiltrating phone data. And it’s why juice jacking is still newsworthy.
These so-called “Wired Accessories” options can be found in Settings > Privacy & Security > Security. Apple explains that you have the following options:
- “Always Ask: approve every accessory manually, every time.
- Ask for New Accessories: approve new accessories manually the first time they connect.
- Automatically Allow When Unlocked: approve accessories automatically when they connect to your unlocked iPhone or iPad (default setting).
- Always Allow: approve all accessories automatically when they connect.”
As you can see, the default setting is to automatically allow new wired/physical accessories to connect when your iPhone is unlocked. This is dangerous. And so is the worst option of all: to “always allow” connections. Either of the other two are fine — always ask or ask when connecting any new accessory.
I warned all iPhone users to change this setting when iOS 26 was first released. And more such warnings are now being issued (1,2). TSA and others say that juice jacking remains a threat, even as FCC assures otherwise. But irrespective of that, you should be warned before connecting a new accessory to your phone in its unlocked state.
A physical accessory plugged into your iphone is a risk if it is afforded trusted status just because your phone is unlocked. I’m not sure why Apple set the default as it did. But it’s an easy change to make. You should do that now. It takes just a few seconds.
Meanwhile, a serious word of caution. Readers have reported a known issue with iOS 26 that may prevent you changing these settings until it’s fixed. It doesn’t affect all phones, but multiple users have reported the issue to me.
Change your Wired Accessory settings now.
Apple iOS 26 / @UKZak
I’ve been told that all the options may be greyed out, or you may just see the “Always Allow” and “Allow When Unlocked” options, neither of which is a good, secure option for your iPhone. Ironically, it’s the two acceptable options that appear broken.
You may be advised to reset your iPhone’s settings to restore the Wired Accessory options ahead of an iOS 26 fix. Whilst this is apparently still in the works, it’s a huge inconvenience to reset your phone. You can leave the settings on their default ahead of the fix, just be wary of plugging anything into you phone whilst it’s unlocked.
There is no general information available on this bug as yet, but I’m told Apple is advising some affected users this will be addressed in the next iOS update. Whether this is the imminent iOS 26.0.2 or the more material iOS 26.1 remains to be seen.
The security flaw has been outed in several threads on Reddit (1,2), albeit there’s no general awareness of the issue as yet. Reports that Apple is addressing this in an imminent iOS 26 have come directly from Apple Support’s updates to several users.
But as yet, even Apple’s Support appears to have limited information on this flaw. I’ve heard reports of users being walked through a process to check for and disable VPNs, and even a check Screen Time settings to ensure no restrictions are in place.
The issue appears to manifest itself as either all Wired Accessory options being greyed out, or more commonly only the two unsecure options being available with the two better options completely missing from the list.
Clearly, if that’s the case for you, then select “Automatically Allow When Unlocked,” as that will at least afford you protection from a cable or accessory being plugged into your locked device. The “Always Allow” option really should be avoided at all times.
We expect iOS 26.0.2 maybe as soon as this week and iOS 26.1 just days later — before the end of October if it follows prior years for the first packaged fuller update to a new iOS release. Little is known about the first, minor update, albeit this Wired Accessory issue is exactly the kind of flaw fixed in these intermediate installs.
iOS 26.1 promises a refresh of the unused background security installs, intended to fix issues without all the palava of a full install and reset. This would be a major step forward for Apple, further differentiating iPhone from Samsung, which still struggled with the efficiency and effectiveness of its own update programs.
Meanwhile, don’t forget to change this setting as soon as you can, if you’re one of those affected by the flaw. There has been some speculation that older iPhones may not have the full range of Wired Accessory options even when working properly. Once the fix is in place we’ll be able to form a better view as to whether that’s the case or not.
