![\"iPhone](\"https:\/\/www.europesays.com\/ie\/wp-content\/uploads\/2025\/11\/1764457827_16_0x0.jpg\")
<\/p>\n<\/p>\n
Your phone is at risk \u2014 make this change now.<\/p>\n
SOPA Images\/LightRocket via Getty Images<\/p>\n
Apple does not make mistakes often \u2014 but it has done so now. If you have an iPhone 17, 16 or 15, then there\u2019s a hidden setting you must change. It has been set to a dangerous default, and leaves your phone open to attack. It takes seconds to fix \u2014 do that now.<\/p>\n
The warning stems from the iOS 26 update in September. This introduced much needed protection against the risk of data being secretly extracted from an iPhone through a malicious charging cable or accessory. But it has been set up badly.<\/p>\n
ForbesStop Using Your VPN\u2014Feds Warn iPhone And Android UsersBy Zak Doffman<\/a><\/p>\n After you first unlock your iPhone after it\u2019s reset or switched on, it can be connected to a USB accessory or computer. Before it\u2019s unlocked that first time it won\u2019t connect. That\u2019s why Apple added a controversial<\/a> 72 hour time-out, returning untouched phones to their before first unlock (BFU<\/a>) state to prevent forensic software extractions.<\/p>\n With iOS 26, Apple went further. Adding additional defenses<\/a> for iPhones with USB-C ports, enabling users to prevent a rogue cable connection stealing data or worse. This affects iPhone 15s and newer, after the company moved away from Lightning ports. <\/p>\n Wired accessory protection<\/p>\n iOS 26 \/ @UKZak<\/p>\n Apple offers options to \u201calways ask\u201d whether you want a connection to be to ask for \u201cnew accessories.\u201d That should be the default, \u201cask for new accessories.\u201d But it\u2019s not. Apple has set the default to \u201cautomatically allow when unlocked.\u201d That means that once a phone is unlocked it will connect to any USB-C accessory that\u2019s plugged in.<\/p>\n Changing the setting is easy. Go to Settings > Privacy & Security > Wired Accessories, and then select either \u201cAlways Ask\u201d or \u201cAsk for New Accessories.\u201d<\/p>\n A critical reminder as to why this is critical has just been posted on X. \u201cWhatsApp end-to-end encryption Vs forensic extraction\u201d points out the exposure of data on your phone once the phone is unlocked, the data decrypted, and then the contect exfiltrated. <\/p>\n \u201cAlthough WhatsApp uses end-to-end encryption to protect messages, calls, and shared media during transmission, this protection only applies while the data is moving between devices. Once the content reaches the device, it is stored unencrypted within WhatsApp\u2019s local databases and media folders.\u201d <\/p>\n ForbesMicrosoft Update Warning\u20141 Billion Windows Users Must Now ActBy Zak Doffman<\/a><\/p>\n As I\u2019ve warned many times before, end-to-end encryption only protects against man-in-the middle attacks intercepting content on a network (as in Salt Typhoon<\/a>) or server-side, which is why Telegram is less secure<\/a> than WhatsApp, iMessage or Signal. It does not protect against an endpoint (your phone) being compromised.<\/p>\n