Why iPhone chargers can be dangerous
Android has never been more secure – but while it’s narrowing, there’s still a gap in the iPhone that Google and Samsung are working hard to bridge. Android 15’s range of security and privacy improvements, the current sideloading clampdown, and the withdrawal of high-risk apps from the Play Store are all game-changing updates.
But now there are areas where Android security outperforms iPhone, which is an interesting difference. One is the new cellular network protection that Google added to Android 15—though no phone is wired to run this yet, and the other is a little-known new Samsung update that’s a great security option for users and one to keep. Be aware of when you plug in your iPhone to charge.
Regardless of anti-theft, if you have physical control over an unlocked device and access to its PIN, then you can pretty much do whatever you want. All data is at risk, including decrypted message stores for the likes of iMessage, WhatsApp and Signal, and even access to saved usernames and passwords.
But an attacker can gain almost physical access to a device with a cable connected to a phone in an unlocked state. So-called juice removal warnings are overblown — attackers aren’t actually looking at your phone in an airport lounge to steal your vacation photos when you plug it in to charge. But targeted attacks – for example against those on business trips abroad or against journalists, activists and dissidents – are very real.
OMG attack cable
I’ve covered Mike Grover’s infamous OMG cables before. Yours for just $179.99 and available in USB-C or Lightning format, the cable is “a handcrafted USB cable with an advanced implant hidden inside.” Marketed as a Red Team pen testing or training aid, they showcase the art of the possible. And while it costs more than $180, intelligence and security agencies around the world have similar capabilities.
This is where Samsung’s new update comes in. By enabling Maximum Restrictions on your Galaxy phone—now by default for new devices, the setting blocks USB data access to the device. It is strictly fee only. “Malicious bootloaders, computers and other devices will not be able to send commands to your phone when you connect using a USB cable,” Samsung says. “This prevents unauthorized access and manipulation of your device and data via USB commands.” It will also block software from being installed on your phone via a USB connection.
Maximum limits
As reported by Samsung magazine“Samsung started rolling out the November security patch late last month. This doesn’t change much, but it modifies the way the auto-lock feature works. It now blocks all USB connections except charging.”
There are some unintended problems with this new update, which while “good for security, prevents the Android Car app from running on Galaxy devices, at least over a wired connection.” You can fix the issues by playing with the settings, but my recommendation would be to keep the restriction on.
iOS 18 USB data connection limitation
So let’s get back to how iPhones handle this risk. If you don’t want to hamper your device by putting it in lock mode, iPhone’s default is to assume consensus when unlocked. But in your FaceID and Passcode setting, you have an “Accessories” option which you should disable. This prevents data connections when your phone is locked for an hour or more, but doesn’t block data connections when it’s unlocked—though the exfiltrated data can’t be decrypted outside the device.
Here’s how iPhone data connection restrictions work:
- If your device has been locked for an hour, data connections are disabled. “This limits the attack surface to physically connected devices such as malicious chargers, while still enabling the use of other accessories within reasonable time constraints.”
- Restrictions continue to apply during that closed hour. “Only data connections will be allowed from accessories that were previously connected to the device in an unlocked state. These accessories are remembered for 30 days after the last time they were connected.”
- If an unknown wired accessory tries to establish a data connection during that hour, iPhone “will disable all additional data connections over those connections until the device is unlocked again.”
- If no wired data connection has been established for more than three days, the iPhone “will stop new data connections immediately after being locked. This is to increase protection for users who do not use such accessories frequently. “
- If the iPhone “is in a state where it requires a passcode to re-enable biometric authentication,” then all data connections are disabled.
Regardless of whether or not spillage is excessive, it’s best to be careful about plugging a charging cable into an unfamiliar outlet in a public place. I recommend using your own charger or purchasing a physical data blocker that sits between your cable and the outlet. These are cheap and available online. With hotels and lounges starting to default to USB plugs, there are good things to have on hand.
When traveling overseas or if you are potentially a target given your politics or profile then it is definitely not recommended. If someone wants to access your phone and your data, make it as difficult as possible for them to do so.