Juice Jacking Protection Setting Broken in iOS 26
Researchers at Graz University of Technology discovered severe, unpatched vulnerabilities in iPhones, Android phones and other devices that facilitate attacks and data theft via malicious USB chargers. Previously known and addressed as “juice jacking,” the effective new technique has been titled “ChoiceJacking.”
This vulnerability exists because USB ports can simultaneously transfer both power and data, potentially allowing a compromised charging station in an airport, hotel, or other public place to attack a connected iPhone.
Although there are no reports of juice jacking attacks in the wild, Apple added protection against this vulnerability years ago with a setting that explicitly prompts you to allow wired accessories to connect. You can configure iOS to handle accessories in four ways: ask every time, ask only for new accessories, automatically allow connections when the device is unlocked, or always allow connections.
[…]
Unfortunately, as a post on a private mailing list alerted me, there’s a bug in iOS 26.0.1 related to the accessory protection controls in Settings > Privacy & Security > Wired Accessories. The bug also affects iPadOS 26. For some iPhones and iPads, including both my iPhone 17 and fourth-generation iPad Air, the accessory connection control is locked to Always Allow, and a note below says, “This setting is managed by your organization and cannot be changed.”
Previously:
1 Comment RSS · Twitter · Mastodon
My 26.0.1 phone (not a beta) shows all four options enabled, FWIW.
MacInTouch links apparently return nothing when reached over iCloud Private Relay. I've been wondering why the site seemed completely broken for me, going back weeks.
