"Enter your passcode to trust this computer and start a backup." Every time iPhone is on charge.

They didn't fix the vulnerability, they stopped automatic unattended backups. The vulnerability still exists.

The vulnerability ,simply put, is that someone could direct the backup (time machine) to store its data in an unprotected area of the hard drive. They should have changed to OS to prevent someone from changing the location of the backup.

StMiBa wrote:

They didn't fix the vulnerability, they stopped automatic unattended backups. The vulnerability still exists.

The vulnerability ,simply put, is that someone could direct the backup (time machine) to store its data in an unprotected area of the hard drive. They should have changed to OS to prevent someone from changing the location of the backup.

The vulnerability no longer exists because you must physically enter a passcode on the phone to back it up each time. So there is no way for someone who hacks into the computer to change the storage location of the backup, which is hard-programmed into iTunes (or Finder).

john-berlin wrote:

Not true, because most encrypted data does NOT allow unlimited password attempts. For websites it usually locks after 3 or 4 failed attempts.

That's why I wrote you need to be in possession of the encrypted data. Then you always have unlimited password attempts since there is no service in front that will limit this. You try to apply the AES decryption on the data itself rather than talking to a decryption service of some kind in front. By its nature you can do this forever without anything stopping you.

The whole CVE was about gaining access to the backup data, an attacker moving the backup data to an unprotected location in his control. This obviously becomes an issue with unencrypted backups. If you choose a weak password for your backups then of course this also might be problematic for encrypted backups. The above mentioned unlimited brute forcing possibilities will then make it easy to crack the password.

But you cannot take away everyone's ability to have automatic backups just because you assume everyone is using weak passwords. If this is really Apple's concern they could just implement strong password requirements during backup setup. That's all I'm saying.

I agree with your last paragraph. But I think the real solution is to solve the problem on the computer end rather than the phone. As an educated guess I’m thinking that this is a temporary workaround until they can develop and test a secure way to prevent backups from being relocated on the Mac or PC. The guy that discovered this flaw ranted about Apple’s approach to solving it, saying the problem should be addressed at the computer end.

Not sure what you have, but iTunes went out about 2 versions of IOS back, this is an issue, and the older IOS is remembered in your keychain choice when paired with your laptop or desktop whichever variety you use. It is purely on the backup portion of the service. Yes it is annoying, another Apple decision based on their security preferences and taking control away from users/customers.

You know it is a mistake when it forces you to type in passcode and not just use fingerprint, apple not making much sense.

[Edited by Moderator]

Cool. Have you reported that at

https://apple.com/feedback ?

Go to https://apple.com/feedback and they would love your thoughts there. We are not Apple.

[Edited by Moderator]

Apple don't read these posts.

https://apple.com/feedback if you want them to hear.

Why hasn’t it happened with any of my 4 iOS devices or 3 computers? If a programmer screwed up how did they screw up your computer and not mine? Or a significant number of others among the 2 billion iPhone users? This has not been a commonly reported problem, so it might be a good idea to troubleshoot your specific issue rather than wait for Apple to fix what is probably a non-existent “bug”.

sgucukoglu wrote:

Whether Wi-Fi syncing is a battery drain isn't important; we are concerned here with why it doesn't work for those choosing to use it.

I choose to use Wi-Fi. And it works for me. It never prompts me to trust the computer. NEVER. It hasn’t promoted me for 10 years, except for the first time on the computer than I had back then. I’m on my 4th computer since then, and it never even prompted me when I switched to a new computer. Have you reset warnings in iTunes settings, as I suggested earlier?

"Why hasn’t it happened with any of my 4 iOS devices or 3 computers?" (Lawrence Finch)

Ahh... so if it didn't happen to you, all the others reporting it must be imagining it? You tossed a handful of attitude at someone you know nothing about, but then it turned out that you were wrong, and it really was happening. Perhaps a bit less of an "I am god" attitude might be in order. One thing my 40+ years as a logic designer taught me was to check first. Less egg to wipe away that way.

But that aside... So it turns out that it was a deliberate inconvenience on the part of Apple? That doesn't make it any better, because they have, in effect, eliminated automatic backup on connection, without the added a step that requires the user to say, "May I?"

It's interesting that Apple is content to have this, and all their sites accept an automatic log in protocol over a far less secure internet connection, but a physical connection between the users phone and the users computer— which can read the mac number of that phone—and a phone that can respond with identification, automatically, as it always has, somehow is no longer good enough.

I began using Apple products with the advent of the 2+. But lately, it seems that nontechnical corporate people are making the technical decisions, and erasing the things that make Apple Apple.

You seem to be misinformed on both topics. The Wi-Fi sync only happens when the iPhone is plugged into power somewhere while on the Wi-Fi. It doesn't randomly sync with your phone while it's on battery, that'd be ridiculous. The "show when on Wi-Fi" will obviously not affect iPhone battery life.

I also have this problem and it happened with iOS 16.1 (as does everyone on iOS 16.1), so go yawn elsewhere.