"Enter your passcode to trust this computer and start a backup." Every time iPhone is on charge.

After the upgrade to iOS 16.1 from iOS 15.7, with no other changes to my paired iMac, my iPhones now both routinely ask me to type in my passcode to trust this computer and start a backup. This happens whenever the device is put on charge, even if only to AC power, and the sync and backup happens over Wi-Fi. Why, and how do I put a stop to it so it goes back to the iOS 15 and expected behaviour of doing the sync and backup over Wi-Fi automatically and immediately when the device is put on charge?


I've looked around and tried various solutions, all to nothing. I reset privacy and network settings, repaired over USB, restarted everything, etc. It's still happening.

iPhone 13 Pro Max, iOS 16

Posted on Oct 31, 2022 2:20 PM

158 replies

Jan 2, 2023 9:43 AM in response to Hayg

Hayg wrote:

Saying that they are powerful useful devices but not for storing your life's work or data that you cannot afford to lose or be stolen. Why does Apple simply let you use a fingerprint to allow backups would seem the sensible way, typing 8 character passcode is a pain to allow backups.

There is a technical reason; your computer can’t recognize your biometric identification, because it is only stored in RAM after you have entered the passcode, and is not stored on your computer. When the phone is powered off you must enter your passcode to unlock the secure enclave where biometric data is saved. While it might be possible to allow using biometric data in the future, that would be a substantial change, and this zero-day vulnerability had to be addressed quickly. My best guess is that this is a temporary solution, and Apple engineers will find a less intrusive way to protect a computer backup in the future. It’s not the inconvenience to you to have to enter 6 digits when you want to manually back up that anyone has sympathy for; the problem is that it prevents automatic nightly computer backups.

Nov 24, 2022 9:09 AM in response to sgucukoglu

Apple’s backup encryption is strong, however, if you have the password (which is the encryption key) you can access the backup. And Apple gives you unlimited guesses, which is sufficient if the computer itself is secure. Further, the backup is in protected storage owned by iTunes or Finder, so the only way to try password guessing is with iTunes (or Finder for Mac OS Catalina or later), which makes it a manual process.


This hack, however, allows the bad actor to make a backup elsewhere on the computer, when it is not restricted to iTunes or Finder, allowing automated password guessing.


And, since the hack has been published widely it would be certain to be used to hack iPhone backups if the requirement to enter a password on the phone did not exist. I’m sure there is a more elegant solution that Apple is working on, but this was an emergency situation when the method of hacking a backup was made public.

Dec 4, 2022 5:18 AM in response to Lawrence Finch

Lawrence Finch wrote:


DollaDollaBillsYall wrote:

Lawrence, you pointing to that hack doesn’t justify this change, since as was mentioned multiple times, that hack doesn’t apply to people with encrypted backups.

As has been pointed out it DOES apply to encrypted backups, because if a hacker can download the encrypted backup to their computer, since there is no limit to the number of “guesses” for the passcode they can create a script to try every possible passcode, the same way passcodes are hacked in data downloaded from hacked websites.


Although true in theory, this is incredible in practice. Encryption for iOS backups uses (at least) AES 128, with PBKDF2 with 10,000 rounds. Such a password would take billions of years to crack. When a website is compromised, it's almost always easier to simply compromise the data; as long as the site is competently implemented, it will use similar key strengths with password stretching, and probably even better algorithms now (it's the key case for "passkeys", of course, to abolish passwords altogether and simply use keys). Straightforward cracking of password hashes is less and less useful as people refrain from reusing passwords or using trivially weak passwords, so while breaches do still happen, it's not chiefly due to the cracking of passwords that they are a concern. Seriously -- this idea that a single, small fish in a vast pond would be worthy of such cracking effort is beyond silly, and the idea that protecting a backup by prompting for a passcode every time is justified for that reason is risible. Protecting the backup on the Mac, in the absence of on-disk encryption, is merely added protection whilst the system is booted; it doesn't really add any security, but is at best defence-in-depth, and the most charitable interpretation for the change is simply that Apple is extending a completely unnecessary protection to Windows users that Mac users enjoyed (very recently) from OS changes that enforce sandbox restrictions, albeit, as discussed, without any regard for the purpose of automated backups. This change is therefore policy, not security.


BTW, iOS 16.1.2 doesn't fix this issue, of course.

Dec 15, 2022 11:50 AM in response to JayGreenstein

JayGreenstein wrote:

So as of this morning, the phone still asks for the password. But, when the computer asks you if you want to cancel or try again, if you select the cancel option, the backup continues normally to the completion of the backup.

Apparently, it's another case of the left hand and the right hand working in different departments.

That doesn’t compromise the security, because it still requires a physical step by the user on the phone to initiate the backup, something that a remote hacker can’t do. But it is an interesting observation.




Dec 20, 2022 1:10 PM in response to john-berlin

john-berlin wrote:

The guys from iMazing wrote a summary of the whole issue with this passcode prompt. They recommend that Apple enforces a passcode prompt only for unencrypted backups which makes total sense. I mean backup data could still be moved to an unprotected location, but since it's encrypted it's completely useless to the attacker.

No, it really isn’t completely useless. Apple allows unlimited guesses for the backup password. So if you have the encrypted backup you can run an automated process that goes through all combinations of alphanumeric passwords until one unlocks the backup. While the encryption algorithm is a strong one that is essentially unbreakable, a brute force attack that simply guesses passwords at very high speed, perhaps using multiple processors, can decrypt the backup. This may not work for strong passwords (20 character random passwords, for example), but very few people use more than a 6 to 8 digit password, and those are easily broken using a brute forced attack. That’s how most password attacks work on stolen corporate databases.
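The disagreement in the posts above turns on how large the password space is compared with the cost of one PBKDF2 derivation. As an added example (not part of any post and not Apple's code), this estimates worst-case exhaustive-search time for several password policies when choosing a backup password; only the 10,000-round figure comes from the thread, while the SHA-256 PRF, the salt and the 1e6 guesses/s rate are assumptions.

```python
import hashlib
import time

PBKDF2_ROUNDS = 10_000              # figure quoted in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def measure_guess_rate(rounds=PBKDF2_ROUNDS, samples=20):
    """Key derivations per second on this machine (one derivation = one guess)."""
    salt = b"constructed-salt"      # constructed sample value
    start = time.perf_counter()
    for i in range(samples):
        # The PRF is an assumption; the thread does not name the hash used.
        hashlib.pbkdf2_hmac("sha256", b"guess%d" % i, salt, rounds, dklen=16)
    return samples / (time.perf_counter() - start)

def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length

def years_to_exhaust(alphabet_size, length, guesses_per_sec):
    """Worst-case time to try every candidate at the given rate."""
    return keyspace(alphabet_size, length) / guesses_per_sec / SECONDS_PER_YEAR

def min_length(alphabet_size, guesses_per_sec, target_years):
    """Shortest length whose full keyspace outlasts `target_years`."""
    needed = guesses_per_sec * SECONDS_PER_YEAR * target_years
    length = 1
    while keyspace(alphabet_size, length) <= needed:
        length += 1
    return length

if __name__ == "__main__":
    # The second rate is an assumed figure for comparison, not a measurement.
    rates = {"this machine, one core": measure_guess_rate(),
             "assumed 1e6 guesses/s": 1e6}
    policies = {"6 digits": (10, 6), "8 digits": (10, 8),
                "8 alphanumeric": (62, 8), "20 alphanumeric": (62, 20)}
    for rate_name, rate in rates.items():
        print(f"\n{rate_name}: {rate:,.0f} guesses/s")
        for name, (alphabet, length) in policies.items():
            years = years_to_exhaust(alphabet, length, rate)
            print(f"  {name:16} {years:.3g} years")
        print("  min alphanumeric length for 1000 years:",
              min_length(62, rate, 1000))
```

The key-stretching rounds set the cost per guess; the password's length and alphabet set the number of guesses, and it is the second factor that separates the short numeric cases from the 20-character one.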

Nov 12, 2022 2:02 PM in response to LD150

That's a workaround, not a solution. This feature always worked, and was convenient, especially for those of us who charge our phones via a cable to a USB port. Plus, given that the backup happens when it's plugged in, if you select backup only via cable, there is no battery drain.


So in reality, some programmer screwed up, and it will take a repair and update of the OS to fix it. And that means making Apple aware of it.


BTW, it happens in OS 10.14, too.

Nov 12, 2022 2:11 PM in response to JayGreenstein

Read the original question and how my answer addresses part of it.

If you have the author's combination of

  1. Show this phone when on wifi, plus
  2. Automatically backup

then it will spontaneously back up all through the day. That is and always has been a battery drain.

Couple that with the reported (on here) iTunes bug and turning off one or both of those options makes sense.

You said "... those of us who charge our phones via a cable to a USB port...."

ok, but we are not talking about that scenario, one might even say that is an irrelevant comment.

Nov 15, 2022 7:38 PM in response to DollaDollaBillsYall

The backup process, including encryption, is entirely under the control of iOS. I'm just not seeing a plausible explanation for why you'd need to go out of your way to protect an encrypted backup, exported directly from a device, any more than it already is. Maybe they don't trust users to set good passphrases? Or the encryption is known to be weak somehow? Or they're just paranoid of TLAs?


And speaking of spooks, remember that iCloud Backups, while they don't hold the same data, and hold only device-specific encrypted data, are nevertheless accessible to Apple. So I'm not sure it's possible to trust iCloud more than your local backups anyway, unless of course you don't think privacy is important when it's from spooks ...


I chatted with Apple Support. They hadn't heard of this issue, but, having searched, can't find anything indicating that this is a feature rather than a bug. They've "fed back" for me. You might send your own, too, and we can try and get a resolution to this.

Nov 19, 2022 11:44 AM in response to sgucukoglu

The big problem I have with this is that I back up several iDevices for family to a Windows machine. The idea being they’re at home, they plug in to a charger, the device backs up without them knowing or thinking about it.


Now with this behavior, every time they plug their phone to the charger, they get an unexpected popup asking for their password. They are trained NOT to enter in their password at random, unexpected prompts. So of course they deny it and the backup does not take place.


And further, we all use complicated alphanumeric passwords (to thwart GrayKey style attacks) so it’s a bit of a pain to constantly type in a 20-letter alphanumeric password with mixed case.


I’m sure Apple would love to nudge people towards one of their paid iCloud plans (and I actually have one, but not for device backups) but I won’t use iCloud for device backups until Apple implements end-to-end encryption, which they currently do not. iCloud backups (and iOS vulnerabilities) are the only way the government or malicious actors can get at your data due to the lack of E2EE.


This isn’t surprising though, I have noticed over the years that iTunes seems to be a neglected piece of software with bugs and glitches, but it has been a reliable platform for device backups. Until now.


So yeah, I definitely have submitted feedback through the suggested channels but am pessimistic this gets fixed.

Dec 1, 2022 11:06 AM in response to DollaDollaBillsYall

DollaDollaBillsYall wrote:

Lawrence, you pointing to that hack doesn’t justify this change, since as was mentioned multiple times, that hack doesn’t apply to people with encrypted backups.

As has been pointed out it DOES apply to encrypted backups, because if a hacker can download the encrypted backup to their computer, since there is no limit to the number of “guesses” for the passcode they can create a script to try every possible passcode, the same way passcodes are hacked in data downloaded from hacked websites.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
