Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Planning System for Retail Stores to Update iPhone Software With No Need to Open Box
- Thread starter MacRumors
- Start date
- Sort by reaction score
Hmm
These are unlocked empty devises, I'm pretty certain you couldn't do this with a user ID present.
Great move by Apple!
I would guess the same number that get bricked by implementing an OS update wirelessly outside the box. For me, this means there was a defect in the phone and I would appreciate it being identified before I took it home
From my understanding of the wireless network quality of the Apple Store... Instead of using this thing to use the pathetic 20MHz Wi-Fi 4 network update system in the store, it is better to lend an Ethernet cable and converter to everyone who buys iPhone 15, iPhone 15 Plus, iPhone 15 Pro and iPhone 15 Pro Max. Ethernet is much faster than this.
(At least when I was in Zhongjie Joy City, it was difficult to complete the recovery of iCloud backups with Wi-Fi, while Ethernet only took a few minutes.)
(At least when I was in Zhongjie Joy City, it was difficult to complete the recovery of iCloud backups with Wi-Fi, while Ethernet only took a few minutes.)
It is pretty common to have a super admin account on things that is put into the default OS. In this case the account is put into the core OS that they can use to approve OS updates. As soon as a "real" account is put on the phone that super user account is invalidated and loses all power and is effectively deleted.
I know at one place I worked in the software we put in a basic admin account. It could do a lot of things but as soon as a real user was added the first thing the code did was delete that account and render it useless.
In a later wed product we put in our own super admin accounts for the web side controls but still those could not get into a lot of the user databases and have limited power.
two things can be true at once. I never commented anything with respect to your assertion. Regardless, I'm not worried about the Apple employee at the Apple store so much as I am about the fact that this introduces a supported process to remotely (as in wireless, I understand you'd need to be physically [very] near) change the OS on a powered down phone. I'd expect it's a matter of time before Pegasus or such can exploit that. Now you have an attack that can take place anywhere a bad actor can get close to your phone for a relatively short period of time. In my mind that's considerably worse than a single physical location (factory) where QA can be validating the OS prior to ship and the specific recipient isn't known yet. I'm not saying China based factories can't be a vector, I'm saying that providing a supported mechanism to change the OS without physically touching the device, even while powered down, is highly concerning. If you can't see that, then "riiiiiiiight" back at ya.
Sounds makes sense, but iOS (and macOS, watchOS... etc included too) have regorious machenisms built in to ensure that the update process cannot be manipulated by anyone or in any way, detailed in their Platform Security Guide. Among these machenisms is a process called "Personalized update" that ensures every update to be verified by the server before being installed; and even if something malicious is installed, they should never be able to make their way through Secure Boot. So... it should be safe, I guess
It's wonderful that they have written that and I don't discount that Apple spends a great deal of time making their OS as secure as possible. I run Apple devices in part because of the high degree of security they deliver. However, jailbreaking, Pegasus, GrayKey and a host of other hacks and exploits illustrate the difference between theory and practice. Security is not absolute, it is a cat and mouse game and I'm concerned about opening such an attack vector simply for the convenience factor of being able to update without opening the box.
No, obviously not. What they should do is make sure they do a better job of not releasing operating systems that could break their own devices.
Me too (with an XR). But I’m a bit concerned how much longer our luck will hold out.
We probably wont get iOS18, which is fine. I'm more than satisfied with five OS upgrades, and we will still get security updates.
If I want to target your phone it’s easier to wait until you have it in your hands than try to find the needle in the haystack in the supply chain.
HobeSoundDarryl
macrumors G5
And if that’s absolutely true, all this worry about this “pad” update occurs before it’s in anyone’s hands. So much ado about nothing… if that’s true.
How many iOS updates came out while the phone was sitting on a shelf in the back of the store before you bought it? That’s the point of the comment.
"Weeks" was over 15 years ago that number has dropped. I am certain Apple has the numbers to predict how many devices are sold day-to-day.
Wrong life span. We are talking about the amount of time any Apple product sits on a shelf at their stores/warehouses. Before Tim Cook, Apple had warehouses full of old Apple products that it would never sell. Also Apple won't oversell it's products to any vendor. If they feel the vendor is unable to move the numbers they are asking for they reduce it. It pissed off large electronics stores like BestBuy and it's carrier stores because their stock was limited during new product releases.
Not all the batteries are going to be sufficiently charged to allow an update to take place. Therefore, if Apple are planning to use NFC for charging, how far away from the charging base does the phone have to be before it stops working? because remember the iphone will be in a box, supported mid air in the box by some internal cardboard design. Also, if there is not enough charge in the battery and the iphone cut's out during the update process it could brick the iphone but there will be no way of knowing this until a customer picks up their boxed iphone, removes it and finds it wont power on. This has the potential to cause more headaches than it's worth.
How so? Your iPhone already does OTA update. How would a different OTA update, using the same security mechanisms in the update process introduce a new attack vector?
