The Issue of Trust: Untrusting Connected Devices from Your iPhone

September 29th, 2020 by Oleg Afonin
Category: «Mobile», «Tips & Tricks»

When connecting an iPhone to a computer for the first time, you’ll see the prompt asking you whether to trust the computer. Trusting a computer enables your phone and computer to exchange information. However, should the trusted computer fall into the wrong hands, the pairing record from that computer could be used to pull information from your iPhone. Learn about the risks associated with pairing records and how to block unwanted connections by untrusting connected computers from your iPhone.

Since iOS 12, your screen lock passcode is required to trust the computer. The system will prompt for your passcode after you confirm the “trust” prompt. This protects the data in your iPhone against unauthorized access even if someone gains control of your iPhone with its screen unlocked.

If you opt not to trust a computer, then all access to your device’s content by that computer is blocked. In this state, no information will be exchanged between your phone and your computer. This is the state you want when connecting to any computer except your personal one.

If you trust a computer, it will remain trusted for a long time. Dormant trusted connections can live for up to six months, after which the pairing expires, and you’ll be prompted to trust the computer again when connecting the iPhone. The trust timer will reset every time you connect the iPhone to the computer.  until you change which computers you trust or erase your device.

Once you trust a computer, iOS generates a pair of cryptographic keys. One of the keys is stored as a file on the computer you’re trusting, while the other is kept on the iPhone. These keys are unique for every pairing; the communication will be established if the keys on the iPhone and on your computer match. Removing any one of those keys breaks the trusted relationship, requiring to establish a new pairing to exchange information. Simply put, if you want to “untrust” a computer, you must remove at least one of the keys (preferably the one on the iPhone itself).

The problem lies in the way iOS handles these trust records (otherwise known as “pairing records” or “lockdown records”). There is no mention of trusted devices anywhere in iOS settings. There is no easy way to see on your iPhone which computers are trusted, and there is no easy way to break such trusted relationships. There is also no way to break only some pairings (e.g. those you made during a trip) while leaving your personal computer trusted.

Why leaving a pairing record behind is a bad idea

We have a comprehensive article on what is accessible on your iPhone with a valid lockdown record: What can be extracted from locked iPhones with new iOS Forensic Toolkit. In this article, we discussed the various states the iPhone can be in, and the types of data that can be extracted from the phone if one has access to a pairing record stored on the user’s computer. An old but still useful article named Acquisition of a Locked iPhone with a Lockdown Record explains how to do the extraction. In a word, the following can be extracted from your iPhone if one has access to both the phone and a pairing record (but without a passcode):

  • Local backup
  • Your entire media library (photos and videos)
  • Some system logs
  • Some shared files

More on the available types of data in Demystifying Advanced Logical Acquisition. Generally speaking, you don’t want any of that information to fall into the wrong hands. For this reason, we strongly recommend not trusting any computer that does not belong to you. If you did, we recommend untrusting such devices by removing the encryption keys from your iPhone.

Apple has a trick to protect users against lockdown records that were left behind. If your iPhone has not connected to a trusted computer or accessory for a certain period of time, it will start blocking the data port immediately after the screen is locked. Once this mode (known as the “USB restricted mode”) is activated, neither jailbreaking (except with checkra1n) nor logical acquisition are possible.

Untrusting connected devices

In iOS, untrusting connected devices is an all or nothing affair. You can either remove all pairing records from your iPhone or leave everything intact. In About the ‘Trust This Computer’ alert on your iPhone, iPad, or iPod touch, Apple notes: “If you don’t want to trust a computer or other device anymore, change the privacy settings on your iPhone, iPad, or iPod touch. Go to Settings > General > Reset > Reset Location & Privacy. Now when you connect to formerly trusted computers, the Trust alert will ask you whether you trust that computer.

To untrust all connected devices, do the following.

  • On your iPhone, open the “Settings” app and tap “General”
  • Tap “Reset” -> “Reset Location & Privacy.”
  • Confirm the prompt by typing your screen lock passcode.
  • Once you reset Location & Privacy, you will need to re-enable location services for apps that you want to allow accessing your location data.

Consequences of resetting Location & Privacy

In About privacy and Location Services in iOS and iPadOS, Apple talks about the available privacy and location settings in iOS. According to Apple, resetting Location & Privacy will do the following: “If you would like to reset all of your location settings to the factory default, go to Settings > General > Reset and tap Reset Location & Privacy. When your location and privacy settings are reset, apps will stop using your location until you grant them permission.”

While Apple does not mention any other privacy settings affected by this option, we know that established pairing relationships are also removed. Unfortunately, there is no description as to what other things are affected by resetting Location & Privacy anywhere in the Knowledge Base.