"Enter your passcode to trust this computer and start a backup." Every time iPhone is on charge.

After the upgrade to iOS 16.1 from iOS 15.7, with no other changes to my paired iMac, my iPhones now both routinely ask me to type in my passcode to trust this computer and start a backup. This happens whenever the device is put on charge, even if only to AC power, and the sync and backup happens over Wi-Fi. Why, and how do I put a stop to it so it goes back to the iOS 15 and expected behaviour of doing the sync and backup over Wi-Fi automatically and immediately when the device is put on charge?


I've looked around and tried various solutions, all to nothing. I reset privacy and network settings, repaired over USB, restarted everything, etc. It's still happening.

iPhone 13 Pro Max, iOS 16

Posted on Oct 31, 2022 2:20 PM

158 replies

Dec 8, 2022 8:32 PM in response to Lawrence Finch

• A computer backup uses a lot of storage; one backup of my phone is 25 GB, and that’s when I’m syncing photos to iCloud


That's for the first one. After that, they'll save only the changed data, not a memory dump, just like Time Machine. And in any case, that only matters if you're short of memory. And, the memory costs the same be it filled or empty.

Dec 14, 2022 6:04 PM in response to sgucukoglu

sgucukoglu wrote:

Of course, iOS 16.2, with its vaunted new Advanced Data Protection for iCloud, nevertheless doesn't fix this issue for local backups. (ADP for iCloud is only available in the US at the moment, and I'm not in the US.)

Correct. Because the reason for it is to protect the backup copy of your phone on your computer from being hacked. It has nothing to do with your phone. It assures that only YOU can create a backup of your phone; not someone who has access to your computer or has hacked into your computer.

Dec 20, 2022 1:24 PM in response to Lawrence Finch

Your argument would then basically apply to everything encrypted. If you are in possession of the encrypted data, you can always try brute force, sure. But by this logic you would need to declare everything encrypted insecure. Your encryption is always only as strong as your passphrase is.


Also you're probably mixing up two things. The passcode you use to unlock your device (the possibly 6 to 8 digit password you're talking about and the one this thread is about) is not the same as the one with which you decrypt your backups. It is a completely separate passphrase which you have to set up during your first backup. Apple could simply require stronger passphrases for this one if they wanted to make bruteforcing harder. And since it's not the same passcode you have to enter every time you take your phone out of your pocket, it wouldn't upset anyone.

Dec 20, 2022 2:01 PM in response to john-berlin

john-berlin wrote:

Your argument would then basically apply to everything encrypted. If you are in possession of the encrypted data, you can always try brute force, sure. But by this logic you would need to declare everything encrypted insecure. Your encryption is always only as strong as your passphrase is.

Not true, because most encrypted data does NOT allow unlimited password attempts. For websites it usually locks after 3 or 4 failed attempts. For an iOS or Mac passcode it slows down at 6 attempts, and locks permanently after a few more. The fact that Apple allows unlimited attempts to guess the backup password is the true vulnerability, but they did that probably because enough people forget that they created a backup password, since it could have been years before. It only prompts for the password once, for the first encrypted backup.


The real problem for websites (and apps) is that if the server that the site runs on is hacked (which is VERY common; there have been hundreds just this year, and let’s not think about Equifax in 2017 who had 120 million accounts stolen or the US Government Office of Personnel Management system hack of 2015) a brute force attack can be run on the downloaded passwords. That’s why there are stolen plaintext passwords and account IDs available for sale on the dark web. Want to see if yours has been hacked? → https://haveibeenpwned.com/

Also you're probably mixing up two things. The passcode you use to unlock your device (the possibly 6 to 8 digit password you're talking about and the one this thread is about) is not the same as the one with which you decrypt your backups. It is a completely separate passphrase which you have to set up during your first backup. Apple could simply require stronger passphrases for this one if they wanted to make bruteforcing harder. And since it's not the same passcode you have to enter every time you take your phone out of your pocket, it wouldn't upset anyone.

I’m not mixing up anything. The backup password is not the same as the iPhone screen passcode (which is 4 or 6 digits, never 8)* OR the Apple ID password unless you make them the same. But it is just another password, probably 6-8 characters chosen by most people. And so far, in trying to help people unlock their encrypted backup, I’ve never encountered anyone who used the same password for their Apple ID or their screen passcode as their backup password.


*iOS allows you to choose an arbitrary length screen unlock passcode, but I suspect the number of people who choose that option can be counted on the thumbs of one hand. Although some devices under MDM do require it.

Dec 20, 2022 2:34 PM in response to Lawrence Finch

Not true, because most encrypted data does NOT allow unlimited password attempts. For websites it usually locks after 3 or 4 failed attempts.

That's why I wrote you need to be in possession of the encrypted data. Then you always have unlimited password attempts since there is no service in front that will limit this. You try to apply the AES decryption on the data itself rather than talking to a decryption service of some kind in front. By its nature you can do this forever without anything stopping you.


The whole CVE was about gaining access to the backup data, an attacker moving the backup data to an unprotected location in his control. This obviously becomes an issue with unencrypted backups. If you choose a weak password for your backups then of course this also might be problematic for encrypted backups. The above mentioned unlimited brute forcing possibilities will then make it easy to crack the password.


But you cannot take away everyone's ability to have automatic backups just because you assume everyone is using weak passwords. If this is really Apple's concern they could just implement strong password requirements during backup setup. That's all I'm saying.

Dec 20, 2022 4:40 PM in response to john-berlin

It's still alien language to me, besides a commercial reason from Apple, why I have to type a PIN (not even the face to unlock my telephone) every time I am uploading a backup (not a trojan virus) from my telephone to my computer (not a network or a loaner, etc.), which previously had to be recognized as "trusted" and I also entered the password to my Apple ID. By the way, my backup has been encrypted for some years. It is beyond common sense that anyone is defending the idea of the PIN previous to backup, due to alien invasion or anything like that. Have you guys and gals realized that for the backup in iCloud the PIN is not required? Can anyone put 2 and 2 together and realize that Apple just wants everybody (or to increase the number of people) paying for cloud space to do backups? I hope Apple realizes that before massive attrition from iPhone to Samsung.

Dec 20, 2022 7:12 PM in response to Lawrence Finch

I dunno...seems that everyone has missed the most critical part. You're assuming that the Mac it's being stored on has been successfully invaded. That means the bad guys ALREADY own all your data. It means that the person who owns that machine probably doesn't have a decent antivirus, because it's a known agent. And given the world we live in, you have to be pretty stupid not to have one.


But that aside, the solution is so obvious that Apple not having seen and corrected it is yet another demo that they've strayed pretty far from what they once were.


Since the data is only used on the phone, and is never accessed while being stored, be it a Mac or the cloud, you encode the phone data on-the-phone, so what's sent to either the cloud or the Mac is unreadable at the storage end. That way, even if Apple's storage is hacked, the data is unusable.



Dec 20, 2022 7:54 PM in response to JayGreenstein

Then how can the phone owner use the unreadable data? They can’t use it to restore a phone, because the key to unlock the backup was wiped when the phone was reset. And you can’t use the backup to set up a new phone for the same reason.


Known agent? You mean you have never heard of a zero day flaw? Antivirus, if you have it, and keep it updated, doesn’t know about new vulnerabilities for weeks after they have been discovered by hackers most of the time.


Did you actually read the links I posted? Do you realize that more iPhone users have Windows than have Macs? Do you know more about data security than the researcher who discovered this vulnerability or Apple’s cybersecurity team?

Dec 21, 2022 10:56 PM in response to sgucukoglu

AES plus PBKDF2. Even with no salt, even weak passwords are probably in a dictionary somewhere, and finding all but the most obvious passwords would not be a walk in the park. I don't say Apple couldn't raise the bar--there's always room for that--but it certainly isn't a reason to get rid of automated local backups and I hope (against hope) that Apple aren't just using this as a grubby lever for iCloud. I'd be all right with them putting password strength requirements on, if that meant bringing it back, or using a superior key stretching algorithm and salt.


Also, my backups caused my 50 GB of iCloud to run out. Obviously, I disabled iCloud backup. Also, obviously, I am now once again paying with my time to enter a passcode every time I put my phones on charge, just like I said in the beginning ...
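An added example, not part of any post in this thread: the thread argues about offline guessing against an encrypted backup file and about key stretching, salt and setup-time strength requirements. The sketch below shows how the iteration count and the passphrase search space set the worst-case guessing time, and how a salt changes the derived key. The iteration count, guess rate, 64-bit threshold and function names are constructed assumptions, not Apple's parameters.

```python
import hashlib
import math
import os

def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase into a 256-bit AES key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=32)

def search_space_bits(length: int, alphabet: int) -> float:
    """Entropy in bits if every character is chosen uniformly at random.
    Human-chosen or dictionary passwords are weaker than this upper bound."""
    return length * math.log2(alphabet)

def seconds_to_exhaust(length: int, alphabet: int, iterations: int,
                       prf_per_second: int) -> float:
    """Worst-case time to try every candidate when the file is held offline.
    Each guess costs `iterations` PRF calls; nothing rate-limits attempts."""
    return (alphabet ** length) * iterations / prf_per_second

def accept_at_setup(length: int, alphabet: int, min_bits: float = 64.0) -> bool:
    """Hypothetical setup-time policy: refuse passphrases below min_bits."""
    return search_space_bits(length, alphabet) >= min_bits

if __name__ == "__main__":
    ITER = 100_000          # constructed iteration count (assumption)
    RATE = 1_000_000_000    # assumed PRF calls per second for the guesser
    samples = [("6 digits", 6, 10),
               ("8 lowercase letters", 8, 26),
               ("12 mixed alphanumeric", 12, 62)]
    for label, length, alphabet in samples:
        bits = search_space_bits(length, alphabet)
        secs = seconds_to_exhaust(length, alphabet, ITER, RATE)
        verdict = "accept" if accept_at_setup(length, alphabet) else "reject"
        print(f"{label:22s} {bits:5.1f} bits  {secs:10.3g} s  {verdict}")

    # Same passphrase, two random salts: the keys differ, so one precomputed
    # table cannot be reused across backups.
    s1, s2 = os.urandom(16), os.urandom(16)
    k1 = derive_key("constructed passphrase", s1, ITER)
    k2 = derive_key("constructed passphrase", s2, ITER)
    print("keys differ with different salts:", k1 != k2)
```

Raising the iteration count scales every row linearly, while each extra random character multiplies the search space by the alphabet size, which is why a length requirement buys more than a larger iteration count.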

Dec 26, 2022 6:23 AM in response to sgucukoglu

You shouldn't be seeing this unless you are connecting with a computer, whether over a cable or over Wi-Fi. Even connecting to your computer with a cable to charge your phone is sufficient. If you just want to avoid the prompt and you have no need to sync or back up content, just connect your phone to a wall charger, and as long as you didn't turn on syncing over Wi-Fi, you won't be prompted again.

Dec 26, 2022 1:04 PM in response to Lawrence Finch

• Then how can the phone owner use the unreadable data? They can’t use it to restore a phone, because the key to unlock the backup was wiped when the phone was reset. And you can’t use the backup to set up a new phone for the same reason.


Seriously? If the data is encrypted by-the-phone, and done AS it's sent to backup, there's no need to do anything but store it—be that on a local computer or any kind of cloud server. And of course, the phone can upload and use the data, because it, and it alone, has the encryption key. Sending unencrypted data that can be intercepted on the way to storage, and THEN encrypting it, is dumb.


The number of screw-ups on the part of Apple—screw-ups that their quality control testing should have caught—keeps growing.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
