Activating data connections securely
On iPhone and iPad devices and Mac computers, if no data connection has been established recently, users must use Face ID, Touch ID or a passcode to activate data connections through a Thunderbolt, USB, Lightning, Smart Connector or, in macOS 13.3 or later, the SD Extended Capacity (SDXC) card interface. This limits the attack surface against physically connected devices such as malicious chargers while still enabling usage of other accessories within reasonable time constraints.

If more than an hour has passed since the iPhone or iPad has locked or since an accessory’s data connection has been terminated, the device won’t allow any new data connections to be established until the device is unlocked. During this hour period, only data connections from accessories that have been previously connected to the device while in an unlocked state will be allowed. These accessories are remembered for 30 days after the last time they were connected. Attempts by an unknown accessory to open a data connection during this period will disable all accessory data connections over those connections until the device is unlocked again.

This hour period:
• Helps ensure that frequent users of connections to a Mac or PC, to accessories or wired to CarPlay won’t need to enter their passcodes every time they attach their device
• Is necessary because the accessory ecosystem doesn’t provide a cryptographically reliable way to identify accessories before establishing a data connection
Additionally, if it’s been more than 3 days since a data connection has been established with an accessory, the device will disallow new data connections immediately after it locks. This is to increase protection for users that don’t often make use of such accessories. These data connections are also disabled whenever the device is in a state where it requires a passcode to re-enable biometric authentication.
The user can choose to re-enable always-on data connections in Settings (setting up some assistive devices does this automatically).
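
The rules above can be read as a small state machine. The following Python model is an added illustration and is not Apple's implementation; the class, field and accessory names, the use of seconds for time, and the two readings marked as assumptions in the comments are choices made here.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

HOUR, DAY = 3600, 86400

@dataclass
class DeviceModel:
    """Model of the rules described above; times are in seconds (constructed values)."""
    locked_at: Optional[float] = None   # None means the device is unlocked
    last_established: float = 0.0       # when a data connection was last established
    last_terminated: float = 0.0        # when a data connection was last terminated
    known: Dict[str, float] = field(default_factory=dict)  # accessory -> last seen while unlocked
    blocked: bool = False               # set when an unknown accessory tries while locked
    passcode_needed: bool = False       # passcode required to re-enable biometrics
    always_allow: bool = False          # user re-enabled always-on connections in Settings

    def lock(self, now: float) -> None:
        self.locked_at = now

    def unlock(self, now: float) -> None:
        self.locked_at, self.blocked, self.passcode_needed = None, False, False

    def disconnect(self, now: float) -> None:
        self.last_terminated = now

    def request(self, accessory: str, now: float) -> bool:
        """Return True if a new data connection is allowed at time `now`."""
        if self.always_allow or self.locked_at is None:
            if self.locked_at is None:
                # Assumption: only connections made while unlocked refresh the 30-day memory.
                self.known[accessory] = now
            self.last_established = now
            return True
        if self.blocked or self.passcode_needed:
            return False
        if self.locked_at - self.last_established > 3 * DAY:
            return False                # rarely used: closed immediately after locking
        # Assumption: the hour runs from the later of the lock and the last termination.
        if now - max(self.locked_at, self.last_terminated) > HOUR:
            return False
        if now - self.known.get(accessory, float("-inf")) <= 30 * DAY:
            self.last_established = now
            return True
        self.blocked = True             # unknown accessory: deny everything until unlock
        return False
```
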