Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Iphone Apple Hardware

Apple Plans To Update iPhones In-Store Without Opening the Boxes (appleinsider.com) 101

Malcolm Owen reports via AppleInsider: Writing in his "Power On" newsletter for Bloomberg, Mark Gurman claims that Apple has a system that can update the operating system of iPhones before they get sold. Crucially, it can do so without opening the box. Consisting of a "pad-like device," store employees place unopened iPhone boxes onto it to trigger an update. The pad wirelessly turns on the iPhone, runs the software update, then turns it off again. While only iPhones are mentioned in the report, it's plausible that the idea could be extended to other products in Apple's catalog. It is claimed that consumers may benefit from the system at Apple Stores before the end of 2023.
This discussion has been archived. No new comments can be posted.

Apple Plans To Update iPhones In-Store Without Opening the Boxes

Comments Filter:
  • Android users (Score:5, Interesting)

    by Anonymous Coward on Monday October 16, 2023 @05:03PM (#63929937)

    asking what an update is.

    • It's something that changes the way your OS functions without providing you any meaningful benefit. Consider yourself luck.
      Sincerely
      Windows and Apple users.

  • I encountered this myself with the recent iPhone release, even though I got one right around launch it updated as part of setup.

    It makes an otherwise extremely friendly data transfer session from your older device have an odd hiccup in the middle, where it has to resume transfer after the software update is done. To have that transfer be totally seamless right out of the box would make it easier for a whole lot of people to complete device transfer successfully.

    • Re: Great idea (Score:5, Informative)

      by Frobnicator ( 565869 ) on Monday October 16, 2023 @06:21PM (#63930127) Journal

      I am less convinced about it being a great idea. Convenient for the company and users certainly, but good?

      Anybody with the device can flash the device with a new firmware remotely, yes centimeters but still a distance, without the knowledge nor consent nor password of the device owner.

      While it certainly can be used positively, there are plenty of bad actors, including government actors, that triggers alarm bells.

      This is yet another attack vector to turn any Apple device into an eavesdropping device by anyone with sufficient resources.

      I would prefer devices require additional physical interaction for this type of operation.

      • Re: Great idea (Score:4, Insightful)

        by fj3k ( 993224 ) on Monday October 16, 2023 @06:39PM (#63930167)

        I'd be less concerned about bad actors being able to install the software. I would assume that the phones would still verify the installed packages.

        But this probably means that if you are concerned about some threat, you can't just assume that a switched-off phone is safe.

        • If this is a feature that apple implements, I hope they add some sort of microfuse that only allows this as a one time thing.
        • you can never presume a switched off device to be safe. This is one reason why I prefer devices with removeable batteries.

          Ref: https://www.pandasecurity.com/... [pandasecurity.com]

          Ref: https://www.comparitech.com/bl... [comparitech.com]

          • you can never presume a switched off device to be safe. This is one reason why I prefer devices with removeable batteries.

            Ref: https://www.pandasecurity.com/... [pandasecurity.com]

            Ref: https://www.comparitech.com/bl... [comparitech.com]

            Right. Because a phone with removed batteries is sooooo practical when out and about.

            • duh, you put them back in when you need to check messages or make a call.... or you could put it in a faraday cage...Trust me, you can live 20 minutes without checking your phone.
              • duh, you put them back in when you need to check messages or make a call.... or you could put it in a faraday cage...Trust me, you can live 20 minutes without checking your phone.

                Oh, just shut up.

                I hope you have the batteries out of your phone when the hospital calls to tell you your family-member has been rushed to the hospital.

                Seriously.

                • wow, so, have you ever considered taking an anger management class? All my relatives have died, I don't have to ever receive that call again. thanks for those memories though.
      • While thatâ(TM)s a fair concern, it seems like something thatâ(TM)s relatively easy to mitigate. Requiring the pad to present a certificate to the device identifying it as a device authorised by Apple would be a good first step. Stopping this from activating once the device has completed setup would be a good second.

        That, and of course the existing protections Apple has in this regard, like requiring the firmware youâ(TM)re installing to be signed by Apple would seem to mitigate your issues

        • While thatâ(TM)s a fair concern, it seems like something thatâ(TM)s relatively easy to mitigate. Requiring the pad to present a certificate to the device identifying it as a device authorised by Apple would be a good first step. Stopping this from activating once the device has completed setup would be a good second.

          That, and of course the existing protections Apple has in this regard, like requiring the firmware youâ(TM)re installing to be signed by Apple would seem to mitigate your issues.

          I'm pretty sure that the company that uses stegography to "adopt" a new device into your AppleID has got this sorted.

      • I am guessing the attack surface will be similar to initiating a flash request via the USB connection, where the .ipsw file will need to be signed, and the device would have to go get an individual signing ticket from Apple for the firmware to be installed. Bypassing this would require a full scale iBoot jailbreak, which is extremely unlikely.

        If there is some key exchanges done between the remote flashing device and the phone, it will be highly unlikely this attack can happen, and if it does, a 0.1 update

      • Anybody with the device can flash the device with a new firmware remotely

        In addition to the other aspects mentioned which make this very unlikely, I'd also assume it will not be able to do this once you have activated the phone. This update mechanism happens before the device is attached to anyone.

      • Ever heard of cryptography? There's not a snowball's chance in hell that you install any system software on an iPhone that isn't signed by Apple.
      • Why is everyone in this thread thinking the device is doing the flashing or transmitting the software?

        My hunch is all this device does is triggers the phone to wake up, connect to the store wifi with pre-stored credentials, then run the update as it normally would when activated and shut back down. Sending the update from the device itself, as you say, is a potential exploit path, but if all it does is connect to the wifi and run software update it's no more vulnerable than any other Apple device.

        The other

      • by dgatwood ( 11270 )

        Anybody with the device can flash the device with a new firmware remotely, yes centimeters but still a distance, without the knowledge nor consent nor password of the device owner.

        I can't really see Apple paying an employee to stand there beside each of the hundreds of devices in their inventory for half an hour waiting for the employee's phone or whatever to push an update to the device. The form I'd expect this to take is a wireless charger with has a longer range, which will trigger the phone to power up, and some magic command sent over NFC that tells the device to connect to the store's Wi-Fi network, download the update, and shut down. Ten seconds per device, and then put it

      • I am less convinced about it being a great idea. Convenient for the company and users certainly, but good?

        Anybody with the device can flash the device with a new firmware remotely, yes centimeters but still a distance, without the knowledge nor consent nor password of the device owner.

        While it certainly can be used positively, there are plenty of bad actors, including government actors, that triggers alarm bells.

        This is yet another attack vector to turn any Apple device into an eavesdropping device by anyone with sufficient resources.

        I would prefer devices require additional physical interaction for this type of operation.

        Probably only works with non-Personalized Devices.

        Hopefully.

      • by dougmc ( 70836 )

        Anybody with the device can flash the device with a new firmware remotely, yes centimeters but still a distance, without the knowledge nor consent nor password of the device owner.

        We don't know the details of the implementation. In particular, it may only work on unactivated/unregistered phones. (That would be a reasonable protection, anyways.)

        Also, I doubt the device itself is the source of the new firmware -- that probably comes from the Apple servers on the Internet, and of course they'd have to be cryptographically signed as they always are. (That said, how do the devices get access? Connect to a specified (or default) WiFi network?)

        Either way, assuming that Apple makes it so

      • Anybody with the device can flash the device with a new firmware remotely

        That's not how firmware updates work. Hardware does not indiscriminately allow just anything to get loaded on that. You can see that quite clearly in how many people can't even swap out displays on iPhones without the OS kicking up a stink, or how Lineage OS only has a limited number of phones it supports.

  • by vlad30 ( 44644 ) on Monday October 16, 2023 @05:13PM (#63929975)
    This is interesting as a closed box and the wrapping and packaging all would contribute to heat being confined they must have confidence that the current generation is not as hot when charging and running. I would also guess the screen would not be on saving power and cpu. The best part would be able to use the phone sooner and not have a minutes to hours of no phone as most people transfer data to their new phone before the updates start.
    • and if the battery dies midway?
      the phone has damage that you need to open the box to see and that in come extreme cases lead to an fire

      • Nearly every phone on the planet will refuse an update if the battery is too low.

      • by mkwan ( 2589113 ) on Monday October 16, 2023 @06:34PM (#63930155)

        Maybe the update pad includes a wireless charger.

      • and if the battery dies midway? the phone has damage that you need to open the box to see and that in come extreme cases lead to an fire

        Batteries in iPhones never die, right?

        All those people that plug into those charging stations are simply reliving the 'so yesterday' experience of wired networking

        /sarcasm ?

      • and if the battery dies midway?
        the phone has damage that you need to open the box to see and that in come extreme cases lead to an fire

        Both new iPhones I have received have arrived with about 80% charge.

        Li-Ion batteries have exceedingly slow self-discharge, and iPhones sip very little power in Standby.

        Plus, I would be willing to bet that Apple has been using this "internally" for quite some time before rolling it out to their stores.

    • by NaCh0 ( 6124 )

      It's going to run for a few minutes inside an air conditioned store.

      It's not like having the body heat in a pant pocket or the dashboard of your car.

      • It's going to run for a few minutes inside a sealed box inside an air conditioned store.
        It's possible heat is going to be a factor. It's also possible this particular cockwomble made the whole thing up.
        I mean, he writes for Bloomberg, it's not like being a proper journalist.
    • by AmiMoJo ( 196126 )

      I wonder if it does a full install of the update, or just loads the update blob and quietly installs it on first boot.

  • Sounds exploitable (Score:5, Insightful)

    by agm ( 467017 ) on Monday October 16, 2023 @05:20PM (#63929993)

    This is begging to be exploited. Imagine someone being able to wirelessly "update" your phone to a hacked version.

    • the FBI will have one to install IOS cop bypass lock version.

    • Yeah, this really seems like a bad idea. Doubly so, given how far the quality of Apple's software has fallen over the past decade.

    • by ArchieBunker ( 132337 ) on Monday October 16, 2023 @05:53PM (#63930071)

      So you have a way to sign binaries with Apple's key?

    • I always update my phone wirelessly.

    • by Brain-Fu ( 1274756 ) on Monday October 16, 2023 @05:53PM (#63930075) Homepage Journal

      Yep. Even if the box is properly factory sealed you have no way to know whether or not the device has been tampered-with before it got to you.

      On a related note, I have noticed that these days many motherboards ship in boxes that have no seals at all. No shrink wrap anywhere. No tape holding anything shut at all. You just unfold it and the board is right there. I read right here on slashdot that a hobbyist can install a spy chip on a motherboard for about 200 bucks. The things are tiny and you would never know. And since the box has absolutely no breakable seals on it, you have absolutely no assurance that your shiny new motherboard hasn't been tampered-with, even if you pull it off the store shelf with your own hands.

      Needless to say, I disapprove. I imagine the FBI loves it, though. As do properly-connected criminals.

      • In reality you’re not important enough to get spied on.

        • In reality youâ(TM)re not important enough to get spied on.

          In reality it's now cheap to spy on everyone by having their phone do it for you and send back a transcript. Even a shitty transcript is enough to analyze and flag targets for additional surveillance.

        • If you have enough money to be buying a motherboard, you have enough money to be worth stealing from. Criminals have an incentive to try.

          Same goes for those who own iPhones.

        • If it's done on the 1000 bucks enthusiast motherboards, it probably proves you have a bunch of spare cash for such things.

          Especially if it's early in the product cycle where the only people who can afford to buy the expensive high end stuff early on is usually those with spare cash anyway. 3 months later, a regular person who also wanted it could have saved up enough to purchase it. But on the first week, unlikely you are just a regular person.

          That may make you a tempting target.

      • Yep. Even if the box is properly factory sealed you have no way to know whether or not the device has been tampered-with before it got to you.

        On a related note, I have noticed that these days many motherboards ship in boxes that have no seals at all. No shrink wrap anywhere. No tape holding anything shut at all. You just unfold it and the board is right there. I read right here on slashdot that a hobbyist can install a spy chip on a motherboard for about 200 bucks. The things are tiny and you would never know. And since the box has absolutely no breakable seals on it, you have absolutely no assurance that your shiny new motherboard hasn't been tampered-with, even if you pull it off the store shelf with your own hands.

        Needless to say, I disapprove. I imagine the FBI loves it, though. As do properly-connected criminals.

        If you were worth spending $200 to bug your motherboard somewhere in the delivery chain, I absolutely would shrink wrap it and slap some fancy looking holographic tape on there to make you feel good.

        The problem is if you're not authenticating any of it. It's like doing SSL encryption with all the certificate validation logic tuned down. Are you authenticating the holographic seals? Do you trust the company's controls around their tape usage and its supplier? Do you even really trust the company that made th

      • by Misagon ( 1135 )

        There have been a few stories about server equipment supposedly being modified by security agencies before being reaching the end customers.
        This included server motherboards from SuperMicro [appleinsider.com] being modified by Chinese agencies, and shipments of Cisco equipment (I'm unsure what, but they have made servers) being intercepted by NSA.

      • by ghoul ( 157158 )
        "the FBI loves it, though. As do properly-connected criminals."

        Didnt your English teacher teach you not to repeat yourself
      • I read right here on slashdot that a hobbyist can install a spy chip on a motherboard for about 200 bucks. The things are tiny and you would never know.

        I read that same story. It was wholly unsubstantiated.

        It's not physically impossible, but first you have to have a place to get a component from that does whatever the original component did plus has a spy device built into it. And that spy device needs to be able to exfiltrate the data, which pretty much means it has to be built into the networking hardware, or have its own wireless communications capable of reaching an open network outside of your machine — which is almost certainly in a shielded bo

    • by cfalcon ( 779563 )

      It shouldn't be possible. The iPhone's design, once locked down, has a large master key that is unlocked by some smaller input you provide- and that transformation is in turn guarded by custom hardware that is tamperproof.

      In practice, faults are found with this from time to time. Several years ago, a famous case with Muslim mass shooters in California:
      https://www.theverge.com/2021/... [theverge.com]

      An Austrian company allegedly helped them gain access that time, but there's no shortage of companies that muck with iPhone

    • I'm 99% sure this is just a signal to trigger the phone to turn on, connect to the store's wifi, then reach out to Apple's servers for a software update, run it, and shut off.

      Sure if you could create a wifi network with the same credentials as Apple's in-store wifi, then run a MITM attack to feed it an update that would have to be signed with Apple's private key so it passes authentication to run you could update it to a hacked version. But uh, there's a *lot* there that is not practical.

      This is no differe

      • I'm 99% sure this is just a signal to trigger the phone to turn on, connect to the store's wifi, then reach out to Apple's servers for a software update, run it, and shut off.

        Sure if you could create a wifi network with the same credentials as Apple's in-store wifi, then run a MITM attack to feed it an update that would have to be signed with Apple's private key so it passes authentication to run you could update it to a hacked version. But uh, there's a *lot* there that is not practical.

        This is no different than a phone running and installing an update today - it's just wirelessly triggered.

        That's probably exactly how it works.

        They also do this in the backroom, where they presumably have full control over store-stock; not on the salesfloor. For obvious reasons, Apple doesn't pile-up their retail stock out in the open.

        Think about it.

    • by dddux ( 3656447 )

      I already thought nobody would mention that, but it's the first thing that occurred to me. It sounds like a huge security risk, more than anything useful and convenient. Although, it seems this iPad has to be pretty close to the iPhone. I wonder if they imposed some kind of range restrictions, or something? How can a device know the if iPad is 5m or a metre away? Signal strength?

    • Imagine someone being able to wirelessly "update" your phone to a hacked version.

      This seems to hinge on the assumption that attackers have a way to pass the phone's firmware validation, never mind any further layers of validation that may be involved with Apple's update pads.

      Apple's private firmware signing key is the holy grail of iPhone hacking. If you have that (or an exploit to bypass it) then there are far more insidious things you could be doing to the billion iPhones that are already deployed in the

    • This is begging to be exploited. Imagine someone being able to wirelessly "update" your phone to a hacked version.

      Your phone already wirelessly updates itself automatically.

      They need to remotely power them on while inside the box and prompt them to start the update process. Apple's in-store WiFi is already trusted, the firmware images are already signed and trusted, etc. If it were possible to hijack the firmware update process you'd already have seen it.

      I can think of ways a wireless wake on lan magic packet thing can go sideways, but I can also think of ways Apple can easily prevent it, and they control the silicon s

      • Your phone already wirelessly updates itself automatically.

        No, it doesn't. I can set it up to do so if I want, but by default it isn't. And I don't talk only about the confirmation in settings, is also about Wi-Fi: automatic updates happen only on Wi-Fi, not on mobile data.

    • I don't know. I'm sure the update itself isn't on the device. all it's doing is 1) turn on phone 2) run update cycle 3) turn off phone. It's not like the device is literally reprogramming the phones.

    • So easy to crash a plane with this. Take a container full of iPhones in the belly cargo of a passenger plane. Use the pad to switch all the phones off before loading by walking around the container in the loading area. Let them run constantly trying to connect to wifi for an update but not finding any. eventually the heat will start a fire in the belly of a passenger plane and we all know what happens to Lithium batteries once they are on fire.
      • So easy to crash a plane with this. Take a container full of iPhones in the belly cargo of a passenger plane. Use the pad to switch all the phones off before loading by walking around the container in the loading area. Let them run constantly trying to connect to wifi for an update but not finding any. eventually the heat will start a fire in the belly of a passenger plane and we all know what happens to Lithium batteries once they are on fire.

        Oh, bullshit

        IPhones barely get warm during an Update, anyway.

        Plus, you'd actually have to spend time in the cargo hold in flight; which I very much doubt is accessible from the passenger cabin; especially after 9/11.

        • by ghoul ( 157158 )
          Didnt you read the part about the loading area. All you need to do is plant an activation device on one of the loaders who load pallets into planes. They walk around to do a visual check and all phones switch on. Why would you need someone on the plane? Also cut off a smart phone from wifi and not put it into aircraft mode, it keeps trying to find wifi and keeps boosting its signal till it runs pretty hot.
          • Didnt you read the part about the loading area. All you need to do is plant an activation device on one of the loaders who load pallets into planes. They walk around to do a visual check and all phones switch on. Why would you need someone on the plane? Also cut off a smart phone from wifi and not put it into aircraft mode, it keeps trying to find wifi and keeps boosting its signal till it runs pretty hot.

            Nah. It would give up pretty fast, then go back to sleep.

            That timeout is handled by a background thread in iOS, and thus will not fail to force Sleep/Standby rather quickly no matter what when on Batteries.

            Apple is very good at energy management. Plus, the battery temp sensor would quickly put a stop to any thermal shennanigans.

            tl;dr Not gonna happen.

            • by ghoul ( 157158 )
              You are assuming this backdoor activation will follow the same steps as normal networkmanager thread
              • You are assuming this backdoor activation will follow the same steps as normal networkmanager thread

                Yes, and I also assume a Battery Overtemp will result in a fairly high-priority, possibly even hardware-enforced, shutdown.

                Unless you have actual proof, my opinion as a longstanding Embedded Designer/Developer, is that it is essentially inconceivable that any firmware load could cause a thermal runaway condition in an Apple Device. Period.

    • This is begging to be exploited. Imagine someone being able to wirelessly "update" your phone to a hacked version.

      It is inconceivable that Apple would allow this on a Personalized iPhone.

      • an stack of phone in cargo are likely not Personalized and ground person just needs the wake up device in there pocket to start the update loop

        • an stack of phone in cargo are likely not Personalized and ground person just needs the wake up device in there pocket to start the update loop

          And then what?

          It times out and goes back to sleep; that's what.

          You have no idea how many layers and Signatures and keys and secret moose handshakes and hard ips and a partridge in a pear tree Apple has built into their OTA Update Protocol; but if they are trusting it in the wild, I am cautiously optimistic that this won't be hackable. Now that the cat's out of the bag, we shall soon see. . .

  • NSA approved (Score:5, Insightful)

    by WaffleMonster ( 969671 ) on Monday October 16, 2023 @05:21PM (#63929997)

    Looks like spooks are getting an early Christmas present.

  • by davidwr ( 791652 ) on Monday October 16, 2023 @05:22PM (#63930001) Homepage Journal

    Sooner or later someone will figure out how to exploit this for evil.

    • by khb ( 266593 )

      I would think that Apple would not make it overly easy. Perhaps the door is open only while the phone is in a factory fresh state (might even exclude a reset/wiped phone; that is a special factory wipe/embed a factory key in the Secure Enclave?). No doubt not perfect, but a direction that could minimize the attack surface.

    • Sooner or later someone will figure out how to exploit this for evil.

      Wanna bet?

      Apple has probably had this capability for about a decade; I'll wait.

    • Sooner or later someone will figure out how to exploit this for evil.

      People have been trying to exploit the ability to load custom firmware on iPhones for over a decade. Wireless doesn't bring anything new to the table here.

  • and the nsa (Score:5, Insightful)

    by Growlley ( 6732614 ) on Monday October 16, 2023 @05:24PM (#63930009)
    says thank you for making life easier.
    • Walk me through how this would work. They probably use something like near field charging for waking the phone and transferring the files. So you pretty much need physical access.

      • Walk me through how this would work. They probably use something like near field charging for waking the phone and transferring the files. So you pretty much need physical access.

        1. You are taken into police custody, you refuse to unlock the device, but they will take it anyway

        2. They put your phone on such a pad that will update your phone's firmware with one with empty unlock credentials

        3. They have full access to your data

        4. Profit

        • Walk me through how this would work. They probably use something like near field charging for waking the phone and transferring the files. So you pretty much need physical access.

          1. You are taken into police custody, you refuse to unlock the device, but they will take it anyway

          2. They put your phone on such a pad that will update your phone's firmware with one with empty unlock credentials

          3. They have full access to your data

          4. Profit

          You are assuming the update preserves existing data. In the Apple scenario, the update could wipe the phones before the update or after since there is no data to save; ensuring it could not be used to hack into a phone.

      • Walk me through how this would work. They probably use something like near field charging for waking the phone and transferring the files. So you pretty much need physical access.

        NFC is waaay too slow for file actual transfer.

  • I never liked it to buy a brand new just released device only to find it running the previous release of the operating system. This allows them to actually package prior to the OS release and then patch/upgrade before shipping to customers. Just had my iphone 15 and had to do the OS upgrade to iOS17
  • ... pad wirelessly turns on the iPhone ...

    I've seen US Tv. cop-dramas where the police attempt to turn-on a phone by remote-control. They will be drooling over this Apple-shop-only device and it will quickly stop being Apple-shop-only.

    At a minimum, I hope it is NFC (ie. a short-range antenna) and a modulated signal (not merely, sufficient EMF to toggle a relay, so wake-up/boot).

    While the purpose is selling up-to-date iPhones and eliminating the 'upgrade OS' step in using a phone for the first time, putting remote-control technology in any devi

  • ...would love this! Imagine being able to divert customers' orders to "update" targeted individuals' phones & other devices without anyone being any the wiser. At the moment, they have to carefully open & re-package the items that they tamper with.
  • They can now 'update' your phone when putting on the TSA counter to get checked for metal.

  • Whatever attacks are possible when it is still in the box are possible at your home. Whatever attacks are impossible at your home are impossible when it is in the box. I havenâ(TM)t heard of anyone being able to install a hacked update on any iPhone.
    • Whatever attacks are possible when it is still in the box are possible at your home. Whatever attacks are impossible at your home are impossible when it is in the box. I havenâ(TM)t heard of anyone being able to install a hacked update on any iPhone.

      This.

  • I mean, having the ability to install a firmware without opening a box seems like a huge security problem. How can you be sure your phone has not been backdoored by anyone with this tool?
    • I mean, having the ability to install a firmware without opening a box seems like a huge security problem. How can you be sure your phone has not been backdoored by anyone with this tool?

      Oh, STFU and go wrap another layer of foil on that hat. . .

  • The next step would be to ship the phones with just a bootloader installed, and load the OS at the stores, shortly before selling them.

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...