Ask HN: Is iOS 18 Screen Mirroring a backdoor?

[sureIy]

This new iOS 18 feature lets you use your "turned-off" iPhone without ever inputting your PIN code. To me this is the exact definition of a backdoor.

It's true that this is only possible when you're logged into a computer that is logged into the same Apple Account, but this setup feels eerily similar to the ability by Apple to use your phone remotely.

Are my worries unfounded? I feel that Apple should secure this better or at least explain how this is already secure. Their help pages are very vague on this.

[al_borland]

In the settings of the iPhone Mirroring app there is an option to require the Mac login to access the iPhone every time, or do it automatically. This is asked when you first set it up and can be changed later.

I set mine up to login automatically, because I'm the only one who uses my laptop and I live alone. If other people were in the house or it was a shared system, I would require the login every time.

If people are sharing logins on the Mac, then I can assume they are trusted enough, or they should stop doing that, because too many things are tied to our logins these days.

[tencentshill]

It's essentially AirPlay/Wireless carplay but can be initiated from the receiving device. Any attacker would have to establish a direct wi-fi connection. The new Remote Support feature still requires on-device initiation. https://support.apple.com/guide/iphone/request-give-remote-c...