Apple Readying In-Box iPhone Software Update System for Retail Stores

[polyphenol]

Will Apple be able to update phones sent out, or supplied via non-Apple retailers, rather than picked up in Apple stores?

There is no Apple store within sensible travelling distance so I always buy online (from Apple). Others might get theirs from retails such as John Lewis, Select or mobile operators.

 

[Tres]

The ability to request that a device load new firmware when powered on but not set up could be convenient for Apple staff, but that implies that a special "mode" is available, in which firmware can be loaded without actually setting up the device. In a worst-case scenario, an attacker could gain access to this mode, load the device via Wi-Fi with compromised firmware and the customer would not even know the difference.

Hopefully Apple has already thought of these things, as I suspect they have. Just saying that the more "special modes" of access to the firmware that you open up, the greater the likelihood that the device can be compromised, even if theoretical at present.

It could literally have no more ability than to tell the device "Boot in this pre-defined mode which is already in your firmware" and from that point the device does everything else (this seems likely).

In fact there are already special boot modes like diagnostic mode and that certainly hasn't been compromised.

Also, iPhone firmware needs to be signed by Apple to be installed, so it doesn't seem like any more of an issue than updating over wifi?

Like, using that argument you could say that someone could spoof an Apple update server and cause iPhones to install malicious firmware.

 

[jlc1978]

One I can think of is the temptation to make updates even more 'just in time' than they are now: i.e. ship products that have known bugs just to get the logistics rolling and the physical devices where they need to be and then have the stores update the software manually (and make miss a few devices).

If anything, the risk of bricking phones in stores should make QC and testing more stringent to avoid having to refresh a whole lot of phones worldwide.

Having to place an iPhone on a pad-like device to turn it on and update it isn't the same as turning it on and updating it "from a distance"

Exactly. People act like the is some new thing beyond behaviors exhibited when put on a magnetic charger.

Putting a shut-down iPhone on a wireless charger (or connecting to a charger) has always turned them on.
That behaviour is not new.

Yup, and this eliminates the hassle of having to connect to Apple's servers during setup and waiting for an update to load; saving a lot of setup time.

As I see, if you are obligated to run a certain OS then the device is not yours.

Until you buy iii it isn't; and Apple can update phones before the sale as needed.

The ability to request that a device load new firmware when powered on but not set up could be convenient for Apple staff, but that implies that a special "mode" is available, in which firmware can be loaded without actually setting up the device. In a worst-case scenario, an attacker could gain access to this mode, load the device via Wi-Fi with compromised firmware and the customer would not even know the difference.

Hopefully Apple has already thought of these things, as I suspect they have. Just saying that the more "special modes" of access to the firmware that you open up, the greater the likelihood that the device can be compromised, even if theoretical at present.

From the description, an attacker would have to have physical control of the phone; in which case there are already ways to compromise the phone.

It will be interesting to see how this is implemented.

Will Apple be able to update phones sent out, or supplied via non-Apple retailers, rather than picked up in Apple stores?

There is no Apple store within sensible travelling distance so I always buy online (from Apple).

I suspect so since they can control the stock and the updates.

Others might get theirs from retails such as John Lewis, Select or mobile operators.

I'm not so sure as Apple would not want to risk untrained staff messing it up and bricking phones; by lifting it to Apple they can ensure the people doing the updates are properly trained and the devices properly used.

 

[polyphenol]

I'm not so sure as Apple would not want to risk untrained staff messing it up and bricking phones; by lifting it to Apple they can ensure the people doing the updates are properly trained and the devices properly used.

I rather agree. But it is a question that needs to be asked - and answered.

 

[jchap]

It could literally have no more ability than to tell the device "Boot in this pre-defined mode which is already in your firmware" and from that point the device does everything else (this seems likely).

In fact there are already special boot modes like diagnostic mode and that certainly hasn't been compromised.

Also, iPhone firmware needs to be signed by Apple to be installed, so it doesn't seem like any more of an issue than updating over wifi?

Like, using that argument you could say that someone could spoof an Apple update server and cause iPhones to install malicious firmware.

Well, if there was a certain level of user interaction required for this firmware transfer to occur, as there is with diagnostic mode on the Mac, for instance, the risks would be negligible, I suppose. I'm no security expert and these things are getting way more advanced that I can even begin to comprehend. I'm just surprised that Apple is creating a backdoor of sorts for this.

 

[mikey918]

How long until the EU demands that Apple open up this technology too?

 

[nt5672]

I'm pretty sure that in 3 to 5 years Apple will get this technology secure against common thieves. Probably no chance that any government agencies will be able to walk up next to you and install "special" software just for you.

 

[nt5672]

. . . .
I would expect them to be extra careful instead of being the end user the one beta testing and losing iCloud content, music playlists, features that worked suddenly broken, etc. . . . .

OMG, this is Apple we are talking about. Being careful is smiling at Cook when he walks through the office. Nothing else matters.

 

[SoldOnApple]

Clever. I wish video game consoles could do the same. Updating being the first thing you need to do with a new product is not fun.

 

[deadspider187]

As I see, if you are obligated to run a certain OS then the device is not yours.

That's kind of a weird take. This would mean you don't believe you own your car, any IoT devices on your network, television, printer, kitchen appliances, etc.

 

[Dionte]

Is your iPhone really yours?

The EU has shown us its not Apple’s

 

[jarman92]

This sounds like a security nightmare. Being able to remotely power on a device and load firmware on it maybe safe for now until the bootloader is compromised or Apple's signing keys get leaked. But once that is done, this sounds like a disaster waiting to happen

But it still requires physical access to the device—it’s not like you can do this from across the street.

 

[citysnaps]

Oh no... the sky is falling. Again. I'm sure that all the reflexive nightmare scenarios presented in posts up above have never occurred to Apple.

 

[jonnysods]

So they can turn a phone on from a distance. While a great idea for updates, I definitely wonder what dangers this ability opens up.

That's the first thing I thought of too - exploits. Imagine being the person that stole that device and used it to inject code into a device.

 

[grammatica]

This reminds me of the Severance episode in which the characters discover that Lumon could remotely activate their brain implant. Is the "off" state really ever "off" anymore?

 

[Victor Mortimer]

This sounds like a major security issue! The knowledge of this should not have been revealed, now it’s a race to see who can exploit it first. Giant mistak.

Wait, you think the problem is that we know it's possible?

NO. The problem is that it is possible, not that we know about it. This is the sort of thing that should be given a CVE assignment, it's a massive security hole that needs to be eradicated.

 

[IIGS User]

I would like to think the folks at Apple see the potential security hole here.

It's like an open window to put a day 1 exploit on a device. I don't know if I'm a huge fan.

 

[maxfromdenmark]

So they can turn a phone on from a distance. While a great idea for updates, I definitely wonder what dangers this ability opens up.

yes, someone needs to have that device and physically get your iPhone to put on/inside so from now your smartphone is in danger of being updated.

 

[Tres]

Why is everyone forgetting that updates need to be signed to be installed?

If exploiting iPhones through firmware was as easy as everyone is making it out to be, then jailbreaking wouldn't be as difficult as it is.

Or, take the Apple Watch for example. The Apple Watch apparently has dedicated hardware to wirelessly transfer firmware to devices that won't boot. This has never (as far as I can tell) been exploited.

From a practicality and security perspective I sincerely doubt that Apple would have undermined all of the effort they put into securing their devices simply to make updating iPhones prior to purchase possible.

I'm stepping away from this discussion because it's mainly turning into FUD, but think about the company that is implementing this. We're not talking about some two-bit Chinese manufacturer of Android phones here.

I'll end on a few thoughts:
1. Although the article is light on details, this method is probably a lot less complex than everyone is making it out to be and may not be using dedicated hardware on the iPhone-side at all.
2. I am almost 100% sure it was designed to function within the pre-existing security framework of iPhones, without undermining anything.
3. It may have even been designed in a way that completely prevents it from working on activated, functioning devices.

 

[rorschach]

I’m almost certain this is just a variation of the way software is flashed onto devices at the factory. People don’t really believe millions of newly-manufactured iPhones are getting manually plugged into computers and someone is clicking “Restore”, do they?

- It’s not “remote". It requires the phone to be in a special fixture.
- It almost certainly requires some sort of employee authentication to initiate it
- The updates being installed are the same as the ones you would get by going through Settings. This wouldn’t allow random unsigned/modified firmware to be installed.

 

[rorschach]

Well, if there was a certain level of user interaction required for this firmware transfer to occur, as there is with diagnostic mode on the Mac, for instance, the risks would be negligible, I suppose.

There is. They have to be placed in a fixture.

 

[Victor Mortimer]

I’m almost certain this is just a variation of the way software is flashed onto devices at the factory. People don’t really believe millions of newly-manufactured iPhones are getting manually plugged into computers and someone is clicking “Restore”, do they?

- It’s not “remote". It requires the phone to be in a special fixture.
- It almost certainly requires some sort of employee authentication to initiate it
- The updates being installed are the same as the ones you would get by going through Settings. This wouldn’t allow random unsigned/modified firmware to be installed.

Yes, I absolutely DO believe that phones at the factory are physically connected to a computer to do software installation. Manually with somebody clicking something? No, of course not. But yes, they'd obviously be physically connected to a computer, probably before the logic board is even installed in a finished device. There's no need to do anything else, and why would they complicate the process with some idiotic wireless system?

And, you do know the manufacturing process isn't completely done by robots, right? Humans touch every iDevice multiple times during the process, humans actually put a lot of the screws in.

 

[thebeans]

Apple is set to roll out a new system that allows retail store staff to wirelessly update the software on iPhones prior to sale, without having to take them out of their packaging.

Writing in the latest edition of his Power On newsletter, Bloomberg's Mark Gurman said the new proprietary system, called "Presto," relies on MagSafe and other wireless technologies, and "looks a bit like a metal cubby for shoes." It will begin rolling out widely across the U.S. in April, with Apple's intention to have the technology in all U.S. retail stores by early summer, he added.

Gurman first reported on the wireless system in October, describing it as a "proprietary pad-like device" on which retail store staff can place a sealed ‌iPhone‌ box. The system wirelessly turns on the iPhone inside, updates its software to the latest version available, and then powers it off.

Apple developed "Presto" as a way to avoid selling iPhones in retail stores with outdated software. For example, the iPhone 15 series shipped with iOS 17, but Apple subsequently released iOS 17.0.1 before the devices launched. The point update was required to fix an issue that prevented the transfer of data directly from another iPhone during the initial setup process.

That meant new iPhone 15 owners had to update the devices themselves as part of the setup process, or manually via the Settings app under General → Software Update if they opted to set up the device as new and transfer data later. Following the rollout of "Presto," such a scenario will be avoidable, making the setup process more straightforward for end users.

Article Link: Apple Readying In-Box iPhone Software Update System for Retail Stores

I have often wondered how retailers do new phones. I get my iPhones through a corporate account at work. They are on Verizon. Each time I order a new phone, it comes sealed in the box but it has a Verizon sim already installed and it’s already programmed with my number. I just take it out and activate and transfer stuff from my old phone. So does Verizon just have phones delivered from Apple with sims already installed and the serial number of the sim associated with the serial number of the phone such that they can assign a phone number to that sim and it’s ready to go once activated?

 

[rorschach]

Yes, I absolutely DO believe that phones at the factory are physically connected to a computer to do software installation. Manually with somebody clicking something? No, of course not. But yes, they'd obviously be physically connected to a computer, probably before the logic board is even installed in a finished device. There's no need to do anything else, and why would they complicate the process with some idiotic wireless system?

And, you do know the manufacturing process isn't completely done by robots, right? Humans touch every iDevice multiple times during the process, humans actually put a lot of the screws in.

You do know that this process also requires humans, right? They have to be placed in a proprietary fixture. Read the article.

 

[ifxf]

So you get home, open the box and find your new phone is a brick.