This is the sort of thing that should be given a CVE assignment, it's a massive security hole that needs to be eradicated.
Okay, I‘ll bite.

Please teach me, why I‘m wrong.
Please teach me your reasons, why this is a huge security hole and a normal OTA Update during Setup is not.
I‘m not attacking you.
I’m seriously trying to learn something.
 
Is your iPhone really yours?
I’m starting to believe that nope. Cause I was just convinced that the songs and movies you buy from digital stores you don’t actually own them even if you pay 500 dollars for a complete series. We don’t actually buy the phone, we pay to rent it, cause I think that maybe any company could just wirelessly push a setting to block every phone without us having to do anything. Soooo we are renting the stuff. I don’t care, I can’t wait for the iPhone 16 pro max 2tb to rent it.
 
A few thoughts:

a. It has probably been in the works if not already in use in the factory for a very long time. iOS has to make it into the device quickly/efficiently when you’re making hundreds of millions of them.

b. It will probably require the device to be in a specific factory state. I’d guess that once the phone is unboxed and activated by the consumer this Presto device won’t work

c. It may just stage updates and allow that update to apply itself when the consumer boots it. If so, this will benefit from all the security that is inherent in today’s iOS updates - just saves the initial network pull for a new fresh update

See no reason for any new security concerns here, esp. if it’s designed to only work prior to activation.
 
Wonder if this uses a combination of NFC technology and the connection used for wireless charging. Perhaps the phone would have to be powered on by a magnetic source, since it can't always be on inside of the package...

The fact that Apple is allowing iPhones to be powered on from a near-field source and flash-updated is a little concerning from a security point of view.
Which it already does, the only big difference here is you don't need to press a button on the screen to OK the update apparently. Your phone already turns on when it gets attached to a MagSafe pad and would ask about an update if one existed; that is, the difference is the apparent feature doesn't ask, it just does it. I am assuming it is some special MagSafe pad as otherwise it would autoupdate every time you charged (essentially like pressing the "always keep my iPhone updated" in settings). I do agree from a UX standpoint it is always crappy to be installing an OS and be faced with some huge 500mb download (or larger) and depending on where you are that could be a very, very long download (even on gigabit fiber it takes a while to download and apply). And certainly in the example listed the update fixed the initial setup/migration process which would be a real issue for the average consumer.
 
Okay, I‘ll bite.

Please teach me, why I‘m wrong.
Please teach me your reasons, why this is a huge security hole and a normal OTA Update during Setup is not.
I‘m not attacking you.
I’m seriously trying to learn something.
There are a few problems here.

First, normal MagSafe charging requires near-contact with the phone. Even half an inch is too far away. So either the boxes are going to be a LOT thinner, or this can power up a phone at a greater distance than normal inductive charging. The phones are also typically packed with the back to the cable, which would normally interfere with inductive charging. So either they're going to be packing them backwards, or something else has changed.

Second, and more importantly, this means there's now a mechanism to remotely initiate an update, with ZERO user interaction. It WILL be reverse engineered and/or something about the process initiation will leak. It will then be possible to remotely initiate an update with modified firmware without user knowledge or interaction. Yes, that means also finding a bug in Apple's signing code, but we know those exist, particularly for a product as buggy as current iOS.

Even if the code allowing it is self-erasing after one use (and I'd bet it's not), it would still be possible to interrupt delivery somewhere in the chain for a sufficiently sophisticated attacker, and then use this mechanism to initiate a modified firmware install on a still factory sealed new phone. Harder, of course, but not that difficult for a state-level bad actor or sophisticated non-state organization.

During normal initial setup, you're connecting to a known WiFi network, hopefully secured against DNS modifying attacks. If your DNS is not secure, it's still a risk during normal setup.

It's one more obvious hole that Apple has added, a hole that has no good reason to exist. It'll be an extra PITA for Apple store employees, and all because somebody at Apple thought firmware updates in the box were somehow necessary.
 
Will Apple be able to update phones sent out, or supplied via non-Apple retailers, rather than picked up in Apple stores?

There is no Apple store within sensible travelling distance so I always buy online (from Apple). Others might get theirs from retailers such as John Lewis, Select or mobile operators.
Highly unlikely. This process relies on a proprietary device that Apple will likely not allow to be sent to Best Buy or other retailers, for all kinds of reasons (just look at all the "the sky is falling" posts on this thread, saying this will be a security nightmare).

For people who don't get their device from an Apple Store, just go home and go through the setup process there, as always. Your device will download the latest OS during that process, like before.
 
Well, if there was a certain level of user interaction required for this firmware transfer to occur, as there is with diagnostic mode on the Mac, for instance, the risks would be negligible, I suppose. I'm no security expert and these things are getting way more advanced than I can even begin to comprehend. I'm just surprised that Apple is creating a backdoor of sorts for this.

The item literally says the phone is in a sealed box when this takes place. The only user interaction at that point is telling Apple Store staff "I want that one in Space Black, here's my credit card."
 
Second, and more importantly, this means there's now a mechanism to remotely initiate an update, with ZERO user interaction.
You're assuming the update mechanism can be triggered on a device which a user has registered.
It's trivial for the phone to ignore the update request if the device isn't in the In-Box or "Factory Reset" state.
Even if the code allowing it is self-erasing after one use (and I'd bet it's not), it would still be possible to interrupt delivery somewhere in the chain for a sufficiently sophisticated attacker, and then use this mechanism to initiate a modified firmware install on a still factory sealed new phone.
Modified firmware would fail the signature check.
 
Oh no... the sky is falling. Again. I'm sure that all the reflexive nightmare scenarios presented in posts up above have never occurred to Apple.
Yeah, it's funny when people reflexively jump to these sorts of conclusions. MagSafe can already turn on an iPhone, and iOS already has a secure system for downloading and installing official updates from the cloud. This feature probably just augments the "device setup screen" so that a local trigger can kick-off the standard update procedure. My guess is that this wouldn't work for initialized/locked devices.
 
This may remain secure until the EU or US decides they need to open that interface to 3rd parties for some BS someone (cough EPIC cough) wishes to free ride on...
 
This is a stupid idea, Apple has a real deep fetish for forcing to update people's devices… NO THANKS. Once all of your Apple signing keys are open then yes go ahead.
 
Apple is set to roll out a new system that allows retail store staff to wirelessly update the software on iPhones prior to sale, without having to take them out of their packaging.


Writing in the latest edition of his Power On newsletter, Bloomberg's Mark Gurman said the new proprietary system, called "Presto," relies on MagSafe and other wireless technologies, and "looks a bit like a metal cubby for shoes." It will begin rolling out widely across the U.S. in April, with Apple's intention to have the technology in all U.S. retail stores by early summer, he added.

Gurman first reported on the wireless system in October, describing it as a "proprietary pad-like device" on which retail store staff can place a sealed ‌iPhone‌ box. The system wirelessly turns on the iPhone inside, updates its software to the latest version available, and then powers it off.

Apple developed "Presto" as a way to avoid selling iPhones in retail stores with outdated software. For example, the iPhone 15 series shipped with iOS 17, but Apple subsequently released iOS 17.0.1 before the devices launched. The point update was required to fix an issue that prevented the transfer of data directly from another iPhone during the initial setup process.

That meant new iPhone 15 owners had to update the devices themselves as part of the setup process, or manually via the Settings app under General → Software Update if they opted to set up the device as new and transfer data later. Following the rollout of "Presto," such a scenario will be avoidable, making the setup process more straightforward for end us

Article Link: Apple Readying In-Box iPhone Software Update System for Retail Stores
So they can turn a phone on from a distance. While a great idea for updates, I definitely wonder what dangers this ability opens up.
Relax. These are “virgin” phones without a passcode and not the same after your setup.
 
Having to place an iPhone on a pad-like device to turn it on and update it isn't the same as turning it on and updating it "from a distance"

I know I'm late to the comments here, but I wonder if anyone has actually seen one of these yet. I wonder if the packaging is not modified to allow more access than would otherwise be possible.

I would like to see Apple's security analysis of this, that's for sure.
 
Relax. These are “virgin” phones without a passcode and not the same after your setup.

Right but what's to stop someone intercepting it, modifying the software so it's not so virgin, and then delivering the phone to you with modified software lying about its purity.

I grant that this is an unlikely scenario, but three letter agencies have already been documented to interdict packages and modify the contents. It is a thing that people are capable of doing.

There are security patches for iOS devices every other month or so.

Exploit chains exist.

Not saying this changes that either way necessarily, but it does make one think about the process.
 
Right but what's to stop someone intercepting it, modifying the software so it's not so virgin, and then delivering the phone to you with modified software lying about its purity.
Same mechanism already used to validate updates.
We're not talking novel mechanisms here, but routine file signature validation.
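
The two defences argued in the replies above (ignore the trigger once a device has left its factory state; reject any image that fails the signature check), sketched as an added example that is not from the thread or from Apple. The toy RSA key, the `accept_update` policy and the extra anti-rollback check are assumptions for illustration only; the thread does not document how "Presto" actually works.

```python
import hashlib

# Constructed toy vendor key (textbook RSA over two Mersenne primes). Far too
# small for real use and unpadded; it only stands in for a real signing scheme.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the vendor

def digest(image: bytes, version: tuple) -> int:
    """Hash image and version together so neither can be swapped on its own."""
    data = repr(version).encode() + image
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def vendor_sign(image: bytes, version: tuple) -> int:
    return pow(digest(image, version), D, N)

def accept_update(device: dict, image: bytes, version: tuple, signature: int) -> str:
    """Hypothetical device-side policy for an update trigger with no user present."""
    if device["activated"]:
        return "ignored: device is past the factory state"
    if pow(signature, E, N) != digest(image, version):
        return "rejected: signature check failed"
    if version <= device["version"]:
        return "rejected: not newer than installed version"
    device["version"] = version
    return "installed"

def demo() -> list:
    image = b"constructed firmware image"
    sig = vendor_sign(image, (17, 0, 1))
    sealed = {"activated": False, "version": (17, 0, 0)}
    owned = {"activated": True, "version": (17, 0, 0)}
    current = {"activated": False, "version": (17, 0, 1)}
    return [
        accept_update(owned, image, (17, 0, 1), sig),            # set-up phone
        accept_update(dict(sealed), image + b"!", (17, 0, 1), sig),  # modified image
        accept_update(dict(sealed), image, (17, 0, 1), sig),     # genuine, in box
        accept_update(current, image, (17, 0, 1), sig),          # replayed image
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

In this model the trigger itself carries no trust: anyone can send it, and everything rests on the state gate and on the verification code and signing key staying sound, which is the point the two sides of the thread disagree on.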
 