Okay, I‘ll bite.
Please teach me, why I‘m wrong.
Please teach me your reasons, why this is a huge security hole and a normal OTA Update during Setup is not.
I‘m not attacking you.
I’m seriously trying to learn something.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Readying In-Box iPhone Software Update System for Retail Stores
- Thread starter MacRumors
- Start date
- Sort by reaction score
Please teach me, why I‘m wrong.
Please teach me your reasons, why this is a huge security hole and a normal OTA Update during Setup is not.
I‘m not attacking you.
I’m seriously trying to learn something.
I’m starting to believe that nope. Cause I was just convince that the songs and movies you buy from digital stores you don’t actually own them even even if you pay 500 dollars for a complete series. We don’t actually buy the phone we pay to rented it cause I think that maybe any company could just wirelessly push a setting to block every phone without us having to do nothing. Soooo we are renting the stuff. i don’t care I can’t wait for the iPhone 16 pro max 2tb to rent it.
But I enjoy updating my new iPhone as part of the setup process!
A few thoughts:
a. It has probably been in the works if not already in use in the factory for a very long time. iOS has to make it into the device quickly/efficiently when you’re making hundreds of millions of them.
b. It will probably require the device to be in a specific factory state. I’d guess that once the phone is unboxed and activated by the consumer this Presto device won’t work
c. It may just stage updates and allow that update to apply itself when the consumer boots it. If so, this will benefit from all the security that is inherent in today’s iOS updates - just saves the initial network pull for a new fresh update
See no reason for any new security concerns here, esp. if it’s designed to only work prior to activation.
a. It has probably been in the works if not already in use in the factory for a very long time. iOS has to make it into the device quickly/efficiently when you’re making hundreds of millions of them.
b. It will probably require the device to be in a specific factory state. I’d guess that once the phone is unboxed and activated by the consumer this Presto device won’t work
c. It may just stage updates and allow that update to apply itself when the consumer boots it. If so, this will benefit from all the security that is inherent in today’s iOS updates - just saves the initial network pull for a new fresh update
See no reason for any new security concerns here, esp. if it’s designed to only work prior to activation.
This is good for those people who buy an iPhone and leave it wrapped in the box hoping to sell it 10 years later for $100,000.
The phone powers on when placed in this cubby, much like when you plug a phone that has been turned off to power and then it powers on. Read the article.
Which it already does, the only big difference here is you don't need to press a button on the screen to OK the update apparently. Your phone already turns on when it gets attached to a MagSafe pad and would ask about an update if one existed, that is the difference is the apparent feature doesn't ask, it just does it. I am assuming it is some special MagSafe pad as otherwise it would autoupdate every time you charged (essentially like pressing the "always keep my iPhone updated" in settings). I do agree from a UX standpoint it is always crappy to be installing an OS and be faced with some huge 500mb download (or larger) and depending on where you are that could be a very, very long download (even on gigabit fiber it takes a while to download and apply). And certainly in the example listed the update fixed the initial setup/migration process which would be a real issue for the average consumer.
There are a few problems here.
First, normal MagSafe charging requires near-contact with the phone. Even half an inch is too far away. So either the boxes are going to be a LOT thinner, or this can power up a phone at a greater distance than normal inductive charging. The phones are also typically packed with the back to the cable, which would normally interfere with inductive charging. So either they're going to be packing them backwards, or something else has changed.
Second, and more importantly, this means there's now a mechanism to remotely initiate an update, with ZERO user interaction. It WILL be reverse engineered and/or something about the process initiation will leak. It will then be possible to remotely initiate an update with modified firmware without user knowledge or interaction. Yes, that means also finding a bug in Apple's signing code, but we know those exist, particularly for a product as buggy as current iOS.
Even if the code allowing it is self-erasing after one use (and I'd bet it's not), it would still be possible to interrupt delivery somewhere in the chain for a sufficiently sophisticated attacker, and then use this mechanism to initiate a modified firmware install on a still factory sealed new phone. Harder, of course, but not that difficult for a state-level bad actor or sophisticated non-state organization.
During normal initial setup, you're connecting to a known WiFi network, hopefully secured against DNS modifying attacks. If your DNS is not secure, it's still a risk during normal setup.
It's one more obvious hole that Apple has added, a hole that has no good reason to exist. It'll be an extra PITA for Apple store employees, and all because somebody at Apple thought firmware updates in the box were somehow necessary.
Highly unlikely. This process relies on a proprietary device that Apple will likely not allow to be sent to Best Buy or other retailers, for all kinds of reasons (just look at all the "the sky is falling" posts on this thread, saying this will be a security nightmare).
For people who don't get their device from an Apple Store, just go home and go through the setup process there, as always. Your device will download the latest OS during that process, like before.
The item literally says the phone is in a sealed box when this takes place. The only user interaction at that point is telling Apple Store staff "I want that one in Space Black, here's my credit card."
You're assuming the update mechanism can be triggered on a device which a user has registered.
Its trivial for the phone to ignore the update request if the device isn't in the In-Box or "Factory Reset" state.
Modified firmware would fail the signature check.
Isn't Apple stifling competition by not allowing rival OSes to be installed on iPhones? What if I want to install Android on my iPhone. 😅
Yeah, it's funny when people reflexively jump to these sorts of conclusions. MagSafe can already turn on an iPhone, and iOS already has a secure system for downloading and installing official updates from the cloud. This feature probably just augments the "device setup screen" so that a local trigger can kick-off the standard update procedure. My guess is that this wouldn't work for initialized/locked devices.
Apple is set to roll out a new system that allows retail store staff to wirelessly update the software on iPhones prior to sale, without having to take them out of their packaging.
Writing in the latest edition of his Power On newsletter, Bloomberg's Mark Gurman said the new proprietary system, called "Presto," relies on MagSafe and other wireless technologies, and "looks a bit like a metal cubby for shoes." It will begin rolling out widely across the U.S. in April, with Apple's intention to have the technology in all U.S. retail stores by early summer, he added.
Gurman first reported on the wireless system in October, describing it as a "proprietary pad-like device" on which retail store staff can place a sealed iPhone box. The system wirelessly turns on the iPhone inside, updates its software to the latest version available, and then powers it off.
Apple developed "Presto" as a way to avoid selling iPhones in retail stores with outdated software. For example, the iPhone 15 series shipped with iOS 17, but Apple subsequently released iOS 17.0.1 before the devices launched. The point update was required to fix an issue that prevented the transfer of data directly from another iPhone during the initial setup process.
That meant new iPhone 15 owners had to update the devices themselves as part of the setup process, or manually via the Settings app under General → Software Update if they opted to set up the device as new and transfer data later. Following the rollout of "Presto," such a scenario will be avoidable, making the setup process more straightforward for end us
Article Link: Apple Readying In-Box iPhone Software Update System for Retail Stores
Relax. These are “virgin” phones without a passcode and not the same after your setup.
I know I'm late to the comments here, but I wonder if anyone has actually seen one of these yet. I wonder if the packaging is not modified to allow more access than would otherwise be possible.
I would like to see Apple's security analysis of this, that's for sure.
Right but what's to stop someone intercepting it, modifying the software so it's not so virgin, and then delivering the phone to you with modified software lying about its purity.
I grant that this is an unlikely scenario, but three letter agencies have already been documented to interdict packages and modify the contents. It is a thing that people are capable of doing.
There are security patches for iOS devices every other months or so.
Exploit chains exist.
Not saying this changes that either way necessarily, but it does make one think about the process.
Same mechanism already used to validate updates.
We're not talking novel mechanisms here, but routine file signature validation.