Manage USB pairing for iPhone and iPad devices

Managing which host computers iPhone, iPad, and iPod touch devices can pair with is crucial for security and user convenience. For example, the ability to securely connect to self-service stations for updating software or sharing a Mac computer's internet connection requires a trust relationship between the iPhone, iPad, or iPod touch and the host computer. Device pairing is typically performed by the user when they connect their device to a host computer with a USB cable. A prompt appears on the user's device asking them whether they want to establish a trust relationship with the computer.

Figure: An iPad showing the Trust This Computer? dialog when first connected to a MacBook Pro.

The user is then asked to enter their passcode to confirm this decision. Any further connections with the same host computer are automatically trusted going forward. Users can clear pairing trust relationships by going to Settings > General > Reset > Reset Location & Privacy or by erasing their device. Additionally, these trust records are removed if they're unused for 30 days.

MDM management of host pairing

An administrator can manage supervised Apple devices' ability to manually trust host computers with the restriction Allow pairing with non-Apple Configurator hosts. By disabling the host pairing ability (and distributing the right supervision identities to their devices), the administrator ensures that only trusted computers holding a valid supervision host certificate are allowed to access the iPhone, iPad, and iPod touch devices in question over USB. If no supervision host certificate has been configured on the host computer, all pairing is disabled.

Note: The Apple device enrollment setting allow_pairing was deprecated with iOS 13 and iPadOS 13.1. Administrators should instead use the above guidance going forward, as it provides more flexibility by still allowing pairing to trusted hosts. It also enables host pairing settings to be changed without having to erase the iPhone, iPad, or iPod touch.

Securing unpaired restore workflows

In iOS 14.5 or later and iPadOS 14.5 or later, an unpaired host computer can't restart a device into recoveryOS (also known as Recovery Mode) and restore it without local physical interaction. Before this change, an unauthorized user could erase and restore a user's device without directly interacting with the iPhone, iPad, or iPod touch. All they needed was a USB connection (for example, offered as a charging facility) to the target device and a computer.

External boot to recovery restriction

By default, iOS 14.5 or later and iPadOS 14.5 or later restrict this recovery capability to host computers that have been previously trusted. Administrators that want to opt out of this more secure behavior can enable the restriction Allow putting an iOS or iPadOS device into Recovery Mode from an unpaired host.

USB Restricted Mode with Ethernet adapters

An iOS or iPadOS device with a compatible Ethernet adapter maintains an active connection to a connected network even before the device is initially unlocked. This occurs only if the device has USB Restricted Mode turned off. This is useful when the device must receive an MDM command when Wi-Fi and cellular networks are unavailable, and the device has not been unlocked since it was started from a shutdown state or was restarted, for example when a user has forgotten their passcode and MDM is attempting to clear it.

The USB Restricted Mode setting can be managed by:

  • The MDM administrator with the USB Restricted Mode restriction. This requires the device be supervised.
  • The user in Settings > Touch/Face ID & Passcode > USB Accessories.
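
The three restrictions described on this page can be checked in a configuration profile before it is deployed. The following is an added example, not part of the original page or Apple's own code: it assumes the Restrictions payload type com.apple.applicationaccess and the key names allowHostPairing, allowUnpairedExternalBootToRecovery, and allowUSBRestrictedMode from Apple's MDM payload reference (this page gives only the restriction names), and the sample profile is constructed.

```python
import plistlib

# Assumption: key names and payload type are taken from Apple's Restrictions
# payload (com.apple.applicationaccess); this page only gives the UI names.
RESTRICTIONS_TYPE = "com.apple.applicationaccess"

# key -> (value when absent, stricter value, what the looser value permits)
USB_KEYS = {
    "allowHostPairing": (True, False,
        "users can manually trust any host computer"),
    "allowUnpairedExternalBootToRecovery": (False, False,
        "an unpaired host can put the device into Recovery Mode"),
    "allowUSBRestrictedMode": (True, True,
        "USB Restricted Mode is turned off"),
}

def effective_settings(profile_bytes):
    """Return {key: bool} after applying the profile's Restrictions payload.

    Assumes at most one Restrictions payload; with several, the last wins here.
    """
    profile = plistlib.loads(profile_bytes)
    settings = {key: spec[0] for key, spec in USB_KEYS.items()}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in USB_KEYS:
            if key in payload:
                settings[key] = bool(payload[key])
    return settings

def findings(profile_bytes):
    """Return sorted (key, consequence) pairs where the looser value is set."""
    settings = effective_settings(profile_bytes)
    return sorted((key, USB_KEYS[key][2]) for key, value in settings.items()
                  if value != USB_KEYS[key][1])

# Constructed sample profile (identifier and values are made up for the example).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.usb-policy",
    "PayloadContent": [{
        "PayloadType": RESTRICTIONS_TYPE,
        "allowHostPairing": False,
        "allowUnpairedExternalBootToRecovery": True,
        "allowUSBRestrictedMode": False,
    }],
})

if __name__ == "__main__":
    for key, consequence in findings(SAMPLE_PROFILE):
        print(f"{key}: {consequence}")
```

A finding is not necessarily a misconfiguration: turning USB Restricted Mode off is what the Ethernet adapter workflow above requires, so treat the output as a list of settings to justify.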

Published Date: October 27, 2021
