iOS 11 has introduced security-enhancing tweaks, including one that changes how trust is established between your computer and an iPhone, iPad or iPod touch connected to it.
As previously explained, iOS displays a prompt asking if you’d like to trust your Mac or Windows PC upon attaching an iPhone, iPad or iPod touch to it for the first time via USB.
Aside from warning you that you’ve connected the device to an unknown computer that it’s never been connected to before, this prompt is part of Apple’s chain of trust designed to prevent computers and accessories from getting access to data without your consent.
Tapping Trust lets the connected computer or peripheral access data on your iOS device.
Before iOS 11, the only security requirement was that an iOS device be unlocked.
New in iOS 11, this prompt now requires that you type in your passcode as well, giving you an extra layer of authentication in order to help prevent data theft, surveillance and snooping.
In order to establish pairing in iOS 11:
- Your iOS device must be connected to a computer via USB
- Your iOS device must be unlocked
- You must respond affirmatively to a “Trust This Computer” prompt on the iOS device
- You must authenticate yourself by typing the passcode on the iOS device
The introduction of the new Face ID biometric authentication method on iPhone X may have played a part in this change, which helps prevent against hacking attempts.
TUTORIAL: How to disable Touch ID discreetly
Previously, an ill-minded person in possession of your unlocked device could connect it to their computer and establish trust. This would’ve let them use a dedicated app to extract data via USB or a local Wi-Fi connection, such as your photos and videos (including embedded location data), voice memos, PDFs stored in iBooks and other documents in apps.
If you think your iOS device may have been paired with a computer without your consent, you can easily break the pairing relationship by resetting your location and privacy settings.
Because this chain of trust is also part of desktop iTunes, a hacker could trust their computer in order to perform a full backup of a stolen iOS device in iTunes.
Assuming the original owner has not explicitly enabled encryption for backups in desktop iTunes, this may grant access to even more personal information like your chats from Messages, WhatsApp and other messaging apps, plus your voicemail, call history, contacts, calendars, notes, bookmarks, Safari browsing history and much more.
As mentioned before, pairing in iOS 10 and older versions could be achieved with a single tap.
This posed a major security issue if your unlocked device got stolen (i.e. while gaming or reading emails). In that regard, iOS 11’s enhanced pairing security should come in handy—even more so should you happen to be coerced to unlock your device by law enforcement.
As we all saw with recent cases of investigative overreach, governments will stop at nothing to force travelers or just about anyone they deem suspicious to give up their device passcode.
In the United States, passcodes are protected by the Fifth Amendment.
Coercion by a thief or law enforcement to unlock your device can be resisted by entering a wrong passcode enough times to trigger a full wipe of the device.
As a precaution, never share your passcode with anyone. Also important, be sure that iTunes backup encryption has been enabled and that the Erase Data option has been enabled in Settings → Touch ID & Passcode or Settings → Face ID & Passcode.
So now you know why this seemingly unimportant change in iOS 11 matters a great deal.
It’s the little things…