Apple Planning System for Retail Stores to Update iPhone Software With No Need to Open Box

[zkap]

In any iPhone update, the majority of the time is taken up by the downloading and verifying of the update file. I would imagine this would be eliminated by having the update file on the pad so it would only leave the installation, thus not producing that much heat, and I certainly wouldn't expect enough heat to cause any issues in the box. The installing of an update doesn't take that long, and if they're going to do it by circumventing the downloading process, then I can see this being done at the point of sale.

They could just place the box on the pad and it wakes the iPhone and pushes the update while the customer is busy finalizing the purchase. They could potentially just need the time necessary to push the file wirelessly to the iPhone and the phone could then continue installing the update inside the box as the customer takes the box with them. In that case heat is not an issue at all as the customer will open the box soon anyway.

I don't think this will be organized in a way that stores have to go around updating inventory phones, that wouldn't make sense. Even if we put battery and heat concerns aside, the man-hours needed to individually update every iPhone in stock would be a waste. If they implement this, I expect it to be a short process, with most of the work done before the box goes on the pad and after it is taken off the pad.

 

[RobArtLyn]

Not all the batteries are going to be sufficiently charged to allow an update to take place. Therefore, if Apple are planning to use NFC for charging, how far away from the charging base does the phone have to be before it stops working? because remember the iphone will be in a box, supported mid air in the box by some internal cardboard design. Also, if there is not enough charge in the battery and the iphone cut's out during the update process it could brick the iphone but there will be no way of knowing this until a customer picks up their boxed iphone, removes it and finds it wont power on. This has the potential to cause more headaches than it's worth.

You are absolutely right. There is absolutely no way at all that the external update process could verify that it worked correctly before shutting down and alert personnel if there was a problem, or even check if the phone battery had sufficient charge before starting. Nope, no way at all.

 

[darngooddesign]

Innovative lmao!!!! These companies kill me with this word.... Remotely pushing firmware is now innovative? Haven't seen anything since maybe the FaceID. They called iMessage innovative too LOL

I mean… it was innovative.

 

[nims]

Sending texts in blue bubbles is innovative? Yea sure

 

[darngooddesign]

Sending texts in blue bubbles is innovative? Yea sure

If that’s only innovation you think iMessage had over SMS, or iChat to a lesser degree, there’re really no point in discussing it with you.

 

[0423MAC]

Innovative lmao!!!! These companies kill me with this word.... Remotely pushing firmware is now innovative? Haven't seen anything innovative since maybe the FaceID. They called iMessage innovative too LOL

Innovative is the best way to put it. It doesn’t have to be revolutionary, just a new way of doing things.

 

[ipaqrat]

Me too (with an XR). But I’m a bit concerned how much longer our luck will hold out.

Don't be naive. It's not luck. Apple totally road-maps obsolescence. 17 is probably the end of the line for the XR. Apple tolerates us unmotivated, subversive, filthy, stinking, counter-economic layabouts avoid giving them another $1000 for @ six years. I have an iPhone plain-a55-X that is now capped at iOS 16, even though my wife's SE2, with the same innards, could get iOS 17 (though not via over 4G LTE out in horse country). Furthermore, my year-old Apple Watch Ultra is artificially capped at WatchOS 9; it will not update unless its paired phoned is on iOS 17. So I'm double screwed. Though I am glad I didn't pre-order a 15 Pro; it seemed sorta "transitional" in the runup to release, and has proven a unexpectedly buggy, albeit at the fringes.

 

[ipaqrat]

Not all the batteries are going to be sufficiently charged to allow an update to take place. Therefore, if Apple are planning to use NFC for charging, how far away from the charging base does the phone have to be before it stops working? because remember the iphone will be in a box, supported mid air in the box by some internal cardboard design. Also, if there is not enough charge in the battery and the iphone cut's out during the update process it could brick the iphone but there will be no way of knowing this until a customer picks up their boxed iphone, removes it and finds it wont power on. This has the potential to cause more headaches than it's worth.

Size, Distance and Field strength for Consumer MagSafe/Qi charging plates is configured for consumer convenience and non-interference with common household electronics. The physics, and technologies that express it, are plainly capable of charging at a distance. Packing material is irrelevant.

Given the 100% known state of firmware chipped at the factory, and then scanned and compared before/after to a suitably long checksum (prolly SHA256 for safety), yeah, reliability of such upgrades should be no problem. The "Plate" will prolly operate in an over-engineered mini Faraday cage, with its own battery for power fail-over.

 

[laptech]

Size, Distance and Field strength for Consumer MagSafe/Qi charging plates is configured for consumer convenience and non-interference with common household electronics. The physics, and technologies that express it, are plainly capable of charging at a distance. Packing material is irrelevant.

Given the 100% known state of firmware chipped at the factory, and then scanned and compared before/after to a suitably long checksum (prolly SHA256 for safety), yeah, reliability of such upgrades should be no problem. The "Plate" will prolly operate in an over-engineered mini Faraday cage, with its own battery for power fail-over.

What you say should be easily proved. Someone with an iphone 15 and NFC charger. Power on the iphone, put the iphone back in it's box, put the box on the NFC charger and see if the iphone starts charging.

 

[Ohples]

You know this wouldn't be as much of an issue if there was a way to update the software during the setup. Many times I've had issues doing the transfer from one phone to a new phone because the new phone had older software. However in order to do the update you need to complete the setup first, do the update, then reset it to transfer it. I think there is a way to update it via finder/iTunes. But a "would you like to update" after you select the wifi network would be even better.

 

[RobArtLyn]

What you say should be easily proved. Someone with an iphone 15 and NFC charger. Power on the iphone, put the iphone back in it's box, put the box on the NFC charger and see if the iphone starts charging.

He didn’t say it would work with a current consumer available charger. He said there is nothing stopping Apple from building one that would work with the phone still in the box for their use.

 

[RobArtLyn]

You know this wouldn't be as much of an issue if there was a way to update the software during the setup. Many times I've had issues doing the transfer from one phone to a new phone because the new phone had older software. However in order to do the update you need to complete the setup first, do the update, then reset it to transfer it. I think there is a way to update it via finder/iTunes. But a "would you like to update" after you select the wifi network would be even better.

That is exactly the option I was presented when I got my 15. I was notified of an existing update and asked if I wanted to apply it before proceeding.

 

[ipaqrat]

Apple is planning to implement an innovative new system that allows retail store staff to wirelessly update iPhones inside their sealed boxes, according to Bloomberg's Mark Gurman.... The system then wirelessly turns on the iPhone, updates its software to the latest version, and powers it off, with no need to open the device's packaging.

Kudos to Apple for solving a genuine logistics problem, though the tech isn't new... whoa, wait... 🤨😖🤬 <Triggered>

This is another pesky "Dual Use" technology, along the lines of Apple's aborted CSAM scanning "feature." Good idea in the store (updates, patches, blah, blah, blah), but should also remind us of an Elephant-In-The-Room privacy/security risk: Shutting off a device is no guarantee that it can't be pwned - because users don't control the power.

Yeah, it can be argued that only Apple has the secret-squirrel supreme root cert credential. Heh, yeah, whatever; that's what hacking is for. And, anyway, once Quantum gets out of the lab, they may as well not bother. Quantum-proof crypto will not be sustainable on mobile anything.

This story about Apple's use case is a friendly reminder that USERS DONT CONTROL THE POWER. Okay, so pair that up with the prospective British law to include back-doors to all data crypto systems (in summary: Cops gotta be cops, do cop stuff). Then extend that up to an overtly authoritarian regime (we here in the untied states of amerigo are NOT out of the woods in this regard, as demonstrated recently). Then extend that down states like Texas that criminalizing certain human gestational contingencies, Or California criminalizing automotive hobbies, or Florida criminalizing the complete records of history and psychology.

Technologically, this cat was never bagged, (though one's head might have been, if one hadn't paid attention since VCR's all got Standby, instead of Off, so the grandkids could set the clock and timer to record Jeopardy.) However, if consumer sentiment gets stirred up enough, the body politic might demand (petition, hate-tweet, lobby, bribe, etc.) a mandate for hard physical power switch on all consumer electronics intended to store, process or monitor any user-generated content, or metadata, of any type. I mean CPU cuttoff, RAM cutoff, EPROM cutoff, NVM cutoff... Truly everything the F Off. If someone starts this movement, THEN we'll see the real snakes slither out of the proverbial woods in opposition.

 

[HobeSoundDarryl]

Not all the batteries are going to be sufficiently charged to allow an update to take place. Therefore, if Apple are planning to use NFC for charging, how far away from the charging base does the phone have to be before it stops working? because remember the iphone will be in a box, supported mid air in the box by some internal cardboard design. Also, if there is not enough charge in the battery and the iphone cut's out during the update process it could brick the iphone but there will be no way of knowing this until a customer picks up their boxed iphone, removes it and finds it wont power on. This has the potential to cause more headaches than it's worth.

Of course to make this pile of catastrophes true, this OPTION has to become mandatory (that all of them must be updated every time there is an update)... that there are few ways to box them for NFC to work in support of this new OPTION... that this OPTION can't first check to verify there is enough battery to complete an update... and that there is no way through this OPTION for the updated phone to confirm a successful update (to rule out any bricked devices being sold), etc.

I guess imagining disaster is easier than imagining simple "if/then" processes to make an option like this work well.

I see this as facilitating a situation where sooner after the new "gee whiz" thing from Apple is unboxed, it can start getting used... less steps after unboxing... latest & greatest features available immediately... and further options to perhaps punch in an AppleID so that it can go ahead and replicate the iDevice it is replacing on being unboxed (all apps in place, backup data in place, etc).

And note that every new thing/creation doesn't automatically have to be taken/used/run to the extreme. I wonder if most iDevices are even sold in Apple retail stores? All the ones arriving by mail or bought through countless other retailers would- presumably- not have this pad update system and thus be updated as they are now... after unboxing. And anyone so worried about everything that can go wrong could still order the pad-less "not updated" way and do things as it is done now.

 

[maxoakland]

This is kind of awesome. Very futuristic

 

[thisisnotmyname]

How so? Your iPhone already does OTA update. How would a different OTA update, using the same security mechanisms in the update process introduce a new attack vector?

Attacks almost always involve chaining together multiple exploits to achieve their ends. Today there is absolutely zero way for an attacker to start an attack on my powered off device without physically interacting with it. This provides a supported mechanism to take a powered off phone and without touching it at all have it perform an update to a new operating system. That's huge. I'm not saying that by itself gets the job done for the attacker but combine that with fooling the device into accepting a falsified OS and now you own that device without ever touching it. Owning an iPhone is possible today, owning one that's powered down without any physical contact is new and carries pretty significant risks. If I were a nationstate or a company that caters to nation state actors (e.g. NSO Group) I'd be incredibly interested in this technology.

 

[BC2009]

1) If needed the same pad could power/charge the phone

Through the iPhone’s box? That would be a neat trick.

3) I would imagine this would be part of delivering of the phone to the customer. Only do it once while the phone is about to be delivered.

And make the customer wait for an iPhone update? Maybe if they updated a certain number of phones each day for sale to have them ready to go.
W

 

[darngooddesign]

Don't be naive. It's not luck. Apple totally road-maps obsolescence. 17 is probably the end of the line for the XR. Apple tolerates us unmotivated, subversive, filthy, stinking, counter-economic layabouts avoid giving them another $1000 for @ six years. I have an iPhone plain-a55-X that is now capped at iOS 16, even though my wife's SE2, with the same innards, could get iOS 17 (though not via over 4G LTE out in horse country). Furthermore, my year-old Apple Watch Ultra is artificially capped at WatchOS 9; it will not update unless its paired phoned is on iOS 17. So I'm double screwed. Though I am glad I didn't pre-order a 15 Pro; it seemed sorta "transitional" in the runup to release, and has proven an unexpectedly buggy, albeit at the fringes.

MR Users: iOS updates don’t have anything useful in them

Also MR Users: Why my six year old phone no get new update.

 

[ryanflanders256]

Cool! Steve Jobs would approve. 👍

 

[technole]

It's not like Apple stores have inventory that goes beyond a week at-best, so we're not talking a crate of updates. Totally a good idea during the launch month for these dire upgrades that makes an upgrade experience easier and faster for customers.

 

[ipaqrat]

What you say should be easily proved. Someone with an iphone 15 and NFC charger. Power on the iphone, put the iphone back in it's box, put the box on the NFC charger and see if the iphone starts charging.

Nope, nope, nope. Pardon my lack of clarity.

The capability Apple describes would run much higher high signal strength, very precisely tuned, very well shielded with perfectly conditioned power. This is pretty much the opposite of the crap gadgetry we consumers have available.

Feeding run-time power to make up for low batteries would be a simple matter. The system probably boots the device into at least a microkernel, logs on with root auth, enables wifi for bandwidth (or perhaps use the power coil itself as a wireless connection point), and then applies the payload. NFC (according to FCC and NIST specifications) wouldn't ordinarily support workloads to patch/reimage; the NFC antenna would probably melt.

To reiterate my commentary elsewhere in this thread about hacking/surveillance risks: Without a hard power cutoff in the device, the user cannot trust the "power-off" state. I guarantee this technique has become well enough developed over the years to present a meaningful attack surface. Can you imagine a diligent, persistent adversary pwning truckloads of iPhones between factory and shipper. I guarantee the mobile device management teams supporting gov't offices have absolutely ZERO intent or capability to screen "brand-new" hardware for such a threat.

NIST publications 800.53 Rev 5 now contain a set of controls about supply chain security. This is the sort of technique that limits supply chain security to wishful thinking - until complete supply chains are returned to the Continental US, which will be never. Share and Enjoy!

 

[ipaqrat]

Attacks almost always involve chaining together multiple exploits to achieve their ends. Today there is absolutely zero way for an attacker to start an attack on my powered off device without physically interacting with it. This provides a supported mechanism to take a powered off phone and without touching it at all have it perform an update to a new operating system. That's huge. I'm not saying that by itself gets the job done for the attacker but combine that with fooling the device into accepting a falsified OS and now you own that device without ever touching it. Owning an iPhone is possible today, owning one that's powered down without any physical contact is new and carries pretty significant risks. If I were a nationstate or a company that caters to nation state actors (e.g. NSO Group) I'd be incredibly interested in this technology.

Agreed, except this tech is not new. It's long out of the lab, and in common use with SCADA, security and human wetware implants. It's particularly handy for cold backup SCADA, where the gear is normally off-line and unpowered. I'm aware of scenarios planned to perform this by helicopter, submarine or zodiac, where it's prohibitive to either run cables or travel casually.

 

[frownface]

I would guess the same number that get bricked by implementing an OS update wirelessly outside the box. For me, this means there was a defect in the phone and I would appreciate it being identified before I took it home

Unless you're the sort that opens the device when you're at home; like people who receive theirs in the mail.

 

[ipaqrat]

wonder how many devices will fail an update and get bricked, even before opening a box hmm

The system described, having established power and root access to the device, would prolly run a long checksum on the binary in place, then compare the checkcum after delivering the payload. It would be no more or less error prone than doing same at factory.

There seems to me a general misconception of how mass firmware imaging works. Generally speaking it's statistically very near 100% safe and successful - but only because the current and end states are totally clean. The hot instant a device is exposed to real-world conditions, from the user's very first boot at home, with thier filthy power and patchy-a55, packet-dropping networks, all bets are off.

And yes, some will be bricked, in the box, in a way Apple's system couldn't detect. And we'll see them here, hysterical and angry, matter of time.

 

[ipaqrat]

How so? Your iPhone already does OTA update. How would a different OTA update, using the same security mechanisms in the update process introduce a new attack vector?

This turns out to be a good point for disambiguation. Apple's OTA updates services about as good as it gets. I've had several of every device since 2007 (in various roles in cybersecurity engineering) (though my own personal device is an iphone X, because horses eat all my money). Never had one brick, never detected a security breach associated strictly with the OTA process. Out in user land, there are PKI certificate exchanges, lengthy hashing for checksums, and a litany of exceptions and fault states, to say nothing of actual hacking including devious root kits.

On the other hand, the security measures in Apple's in-store logistics chain would be using vastly different mechanisms. They would start with shrink-wrapped inventory will have a perfect baseline to start with, a known perfect payload, local root access, full diagnostics and telemetry, a fresh power loop, and no service provider ********. Out in the real world, we don't have any of those advantages.