"Enter your passcode to trust this computer and start a backup." Every time iPhone is on charge.

As it is obvious that you haven’t read the thread and don’t understand the reason for the change, here it is again:

Apple changed the way that worked because of a recently discovered vulnerability that would allow a hacker to create an unprotected backup of an iOS device without the knowledge of the owner, so Apple add a requirement to always require a passcode to be entered on the phone before backing up to a computer. This to assure that the backup was intentional.

If you want details you can find them in these two links:

• From the discoverer of the vulnerability→CVE-2022-32929 - Bypass iOS backup's TCC protection · theevilbit blog
• From a disinterested 3rd party→iOS Backup Passcode Prompt-iMazing

I guess you didn’t read the thread you posted to.

Michael Graziano wrote:

Forcing me to type in my passcode to back up to a computer I am physically connected to and have previously trusted for syncing other content might make sense ONCE.

Requiring it EVERY TIME is beyond idiotic. It makes automatic backups to your Mac error-prone (miss the prompt and the backup times out, meaning you don't get a backup that day).

The reason it is required for computer backups is because there is an identified vulnerability that has been seen in the wild that would allow a bad actor to back up, and then gain access to the backup on a computer, as reported in the National Vulnerability Database→https://nvd.nist.gov/vuln/detail/CVE-2022-32929

and as described in a “how to" here→https://theevilbit.github.io/posts/cve-2022-32929/

Essentially, any computer that has been hacked (which is roughly half of all Windows computers, and a smaller, but significant, number of Macs) can be used to get a copy of the iPhone’s backup. If the backup is not encrypted it is trivially easy to get most of the content of the phone. If it is encrypted, it’s harder, but, as there is no limit to the number of guesses of the backup password it is always possible to set up an automated process to guess the password.

And the reason just asking for it once is inadequate is because the hacker can run their hack after the passcode has been entered that one time.

It is a FACT that this vulnerability exists and has been used by criminal hackers.

OK, I’m going to contradict myself. I’ve checked with an Apple resource, and iOS 16, as an additional security measure, will require a passcode to be entered on the phone when backing up to a computer.

The reason it isn’t required for iCloud backup has nothing to do with absurd conspiracy theories; it’s because iCloud backups are protected by your Apple ID password and 2 factor authentication.

The reason it is required for computer backups is because there is an identified vulnerability that has been seen in the wild that would allow a bad actor to back up, and then gain access to the backup on a computer, as reported in the National Vulnerability Database→https://nvd.nist.gov/vuln/detail/CVE-2022-32929

and as described in a “how to" here→https://theevilbit.github.io/posts/cve-2022-32929/

Essentially, any computer that has been hacked (which is roughly half of all Windows computers, and a smaller, but significant, number of Macs) can be used to get a copy of the iPhone’s backup. If the backup is not encrypted it is trivially easy to get most of the content of the phone. If it is encrypted, it’s harder, but, as there is no limit to the number of guesses of the backup password it is always possible to set up an automated process to guess the password.

And the reason just asking for it once is inadequate is because the hacker can run their hack after the passcode has been entered that one time.

StMiBa wrote:

Are you saying that in order for my personal data to be secure, I should delete the backup that is currently stored on my Macbook? Is that seriously what you are saying?

If that's the case, why should I bother to backup my data?

What I hear you saying is, "I have no idea what the problem is or how to fix it and neither does Apple but Apple assures me that if I enter my passcode in order to initiate a new backup, I'm secure."

It’s clear that you haven’t read the thread. Your iOS backup is saved in protected storage on your Mac or PC that only you can access. The security vulnerability allows a hacker to create a new backup of your device in storage that is not protected, then download the backup to their computer to analyze. They could do this for any device that just once “trusted” the computer. Apple has blocked this vulnerability by requiring a passcode on the phone each time it is backed up. I suspect this is a temporary fix for this vulnerability until they can find a better one. If it was just hypothetical I doubt Apple would have rushed out this fix, but the code to perform this hack has been published for anyone to see. There’s even a link to it in this thread if you want to try it.

So as of this morning, the phone still asks for the password. But, when the computer asks you if you want to cancel or try again, if you select the cancel option, the backup continues normally to the completion of the backup.

Apparently, it's another case of the left hand and the right hand working in different departments.

The real reason is so a hacker cannot force a download of your iPhone without your knowledge and steal all of your personal data from the downloaded backup. But your conspiracy theory is so much more fun.

Here’s the explanation from a disinterested 3rd party→iOS Backup Passcode Prompt-iMazing

And here’s the explanation from the discoverer of this vulnerability→https://theevilbit.github.io/posts/cve-2022-32929/

Apple changed the way that worked because of a recently discovered vulnerability that would allow a hacker to create an unprotected backup of an iOS device without the knowledge of the owner, so Apple add a requirement to always require a passcode to be entered on the phone before backing up to a computer. This to assure that the backup was intentional.

If you want details you can find them in these two links:

• From the discoverer of the vulnerability→CVE-2022-32929 - Bypass iOS backup's TCC protection · theevilbit blog
• From a disinterested 3rd party→iOS Backup Passcode Prompt-iMazing

The settings are on the Mac, nothing to do with iOS16

Click on the phone in the Finder sidebar (or itunes if an oldie) and turn off

Automatically sync when this iphone is connected... and

Show this iphone when on Wi-Fi....

Upgrade to 15.7.1 or 16.1 causes the iPhone, iPadMini and iPad to require entering a pass code EVERY TIME to do a backup to Windows iTunes 12.12.6.1 The automatic backups are broken. Prior versions only required a one time entry of the pass code to trust the device (PC running iTunes) and then would resume automatic backups after a software upgrade.

I wouldn’t expect 16.1.1 to fix it, because it isn’t a problem with 16.anything. It is a problem with your phone. Hundreds of millions of phones do not have this problem. You need to troubleshoot what is special about your your phone and computer that is causing this very unusual problem. Have you tried going to iTunes Preferences, Advanced pane, and clicked Reset Warnings? And have you also updated iTunes to the latest version?

markhind wrote:

This is everything to do with 16.1 because it didn't happen before I upgraded to 16.1 on my iPhone. Is there another solution as I need to "automatically sync when this iPhone is connected" every time I connect my iPhone to my MacBook Pro?

If you don't like being requested for the passcode then take off the auto sync checkbox.

This mainly only affects people who get the unnecessary code request when plugging the iphone in a power brick - the original text of the original question - in which case take off the Show when on wi-fi checkbox.

The extra security is here to stay unless a lot of people write to https://apple.com/feedback and I doubt if the numbers will stack up because most people like additional security when the evidence shows that data has already been stolen in the wild.