AMPDevicesAgent: legitimate password request or attack?

This morning, out of the blue, a popup window sprang up on my screen:

Without a thorough investigation, I am not able to detect if this is a legitimate request for a password or an attack.

Moreover, even as a computer engineer, I have no means to identify the trustability and meaning of this request.


As a first level protection, I will click on Deny.

Next I fire an investigation starting with the Apple official documentation.


I will add to this question any useful and confirmed information.

Any other hint will be highly appreciated.


The correct tags for such a question would be:

    • security,
    • authentication,
    • macOS,
    • documentation.

MacBook Pro 15″, macOS 11.7

Posted on Jan 21, 2024 2:53 AM

Question marked as Top-ranking reply

Posted on Jan 21, 2024 1:08 PM

Hello...


The process name is a legitimate process running as part of an iOS device local backup. Enter your login Keychain password to proceed.

To check that the prompt is actually on behalf of the right process, open Activity Monitor, search for the process name, select Sample Process and confirm the path is within

/System/Library/PrivateFrameworks/AMPDevices.framework

The real fix to stop the error message from appearing is to add AMPDevicesAgent access to iOS Backup in Keychain, which you can do from Keychain Access as usual.


https://apple.stackexchange.com/questions/376387/macos-10-15-catalina-asks-ampdevicesagent-wants-to-use-your-confidential-inform
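
The path check described in the reply above, as an added shell example for Terminal (not part of the original posts and not Apple's code): it lists every running process named AMPDevicesAgent and flags any whose executable is outside the framework directory. The `codesign` signature check is an extra step the reply does not mention, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not Apple tooling).
TRUSTED_DIR="/System/Library/PrivateFrameworks/AMPDevices.framework"

# Succeeds only for an absolute path inside TRUSTED_DIR; rejects look-alike
# prefixes such as ".../AMPDevices.framework.evil/" and ".." traversal.
path_is_trusted() {
    case "$1" in
        */../*|*/..) return 1 ;;
        "$TRUSTED_DIR"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Lists every running process whose executable is named AMPDevicesAgent and
# reports whether each one passes the path check and Apple signature check.
check_agents() {
    found=0; bad=0
    # On macOS, the comm column of ps holds the full executable path.
    list=$(ps -axo pid=,comm= | grep -E '(^|[ /])AMPDevicesAgent$')
    while read -r pid path; do
        [ -n "$pid" ] || continue
        found=1
        if path_is_trusted "$path" &&
           codesign -v -R="anchor apple" "$path" 2>/dev/null; then
            echo "OK       pid=$pid $path"
        else
            echo "SUSPECT  pid=$pid $path"
            bad=1
        fi
    done <<EOF
$list
EOF
    [ "$found" -eq 1 ] || echo "AMPDevicesAgent is not running"
    return "$bad"
}

# Run the live check only on macOS, where ps and codesign behave as assumed.
if [ "$(uname -s)" = "Darwin" ]; then
    check_agents || echo "At least one AMPDevicesAgent process failed the check"
fi
```

A process reported as OK shows that the genuine agent is running; it does not by itself show which process drew a given password window.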



Jan 29, 2024 3:27 AM in response to Zorba_le_grec

Conclusion of problem analysis


Thanks to this link provided by @BDAqua:

Apple.stackexchange.com / AMPDevicesAgent

It appears this request is a legitimate one.


But, taking into account the actual practice of cybercriminals trying to steal passwords and accounts through this exact same method,


any legitimate password request should be

    • understandable by any user: newbie or computer engineer,
    • clearly authenticated ( without a full page of technical excuse ).


Otherwise, the best answer to such a poor-quality password request is the Deny button or to destroy the window, to protect your computer environment and beyond ( when you share the same account on many services ).
