How Apple Plans To Update New iPhones Without Opening Them (arstechnica.com) 97
An anonymous reader writes: What if you could update the device while it's still in the box? That's the latest plan cooked up by Apple, which is close to rolling out a system that will let Apple Stores wirelessly update new iPhones while they're still in their boxes. The new system is called "Presto." French site iGeneration has the first picture of what this setup looks like. It starts with a clearly Apple-designed silver rack that holds iPhones and has a few lights on the front. The site (through translation) calls the device a "toaster," and yes, it looks like a toaster oven or food heating rack.
Bloomberg's Mark Gurman has been writing about whispers of this project for months, saying in one article that the device can "wirelessly turn on the iPhone, update its software and then power it back down -- all without the phone's packaging ever being opened." In another article, he wrote that the device uses "MagSafe and other wireless technologies." The iGeneration report also mentions that the device uses NFC, and there are "templates" that help with positioning the various-sized iPhone boxes so the NFC and wireless charging will work. With that wireless charging, downloading, and installing, all while being isolated in a cardboard box, Apple's "toaster" probably gets pretty hot.
Bloomberg's Mark Gurman has been writing about whispers of this project for months, saying in one article that the device can "wirelessly turn on the iPhone, update its software and then power it back down -- all without the phone's packaging ever being opened." In another article, he wrote that the device uses "MagSafe and other wireless technologies." The iGeneration report also mentions that the device uses NFC, and there are "templates" that help with positioning the various-sized iPhone boxes so the NFC and wireless charging will work. With that wireless charging, downloading, and installing, all while being isolated in a cardboard box, Apple's "toaster" probably gets pretty hot.
Makes sense (Score:3)
Re: (Score:1)
Re: (Score:3)
But launching new hardware too. Ship an iPhone 16 globally without any version of iOS installed on the device that only activates on launch date. No leaks to the press and any rogue supply chain employee will just get a brick that won't power on.
Re: (Score:1)
Re: (Score:2)
this is all about Apple's supply chain having the latest bleeding edge release build on a device prior to sale.
As a consumer you'd still have to sync all your apps from the cloud but at least it might save, say, a 200MB download fetching the latest OS updates.
Re: (Score:3)
Nobody wants to wait on Christmas morning while their new phone updates.
This "zero value" proclamation seems to be becoming a common thing. It's dumb.
Re: (Score:3)
Re: (Score:2)
Because you want to use some feature that's in the latest version. But hey, I'm sure you're right and Apple is wrong. A $3 trillion company that specializes in attention to detail, or "superdave80" who's typing in one word sentences in all caps on an Internet chat site.
Re: (Score:2)
A $3 trillion company that specializes in attention to detail/quote. Is that what you really think they 'specialize' in? Because I could fill a long post with all the things wrong with my iPhone, most of which exist because of incompetency or trying to get more money/control. "Attention to detail" is not one of the things they prioritize.
Re: (Score:2)
Re: (Score:1)
This.
You've just opened a backdoor, requiring zero touch, that lets you make OS level changes.
The keys will be leaked, and in-the-box iphones will be compromised, for sure.
Or....they have already been compromised for over a decade, and you can't trust anyone.
Re: (Score:2)
Re: (Score:1)
Not that I don't trust Apple, but my bet is that spy agencies have had this tech for a decade already :)
Re: (Score:2)
At Apple Stores, if you walk in, and buy a new phone, and trade in your old phone at the same time, they'll help you transfer all your data over. They'll take you to the back of the store and sit you down and make sure everything goes correctly. They'll even make sure your new phone is running the latest OS. They want your experience to be as perfect as possible. This is absolutely fantastic for normals.
The whole process goes much faster if the new phone is already updated to the latest OS. It's great for c
Makes me feel a bit squidgy (Score:5, Insightful)
Not because Apple would do this in store but because it implies there is some sort of remote control capability that a Bad Actor could possibly hook into to do something Bad to customer owned phones. If I turn off my phone I don't want some random person to be able to turn it back on or talk to it in some way that might trigger a download of any sort outside my control.
Hopefully this is something that gets permanently turned off upon purchase or there's at least good confirmation they're not opening new holes and surfaces to attack.
Re: (Score:2, Interesting)
I'm not sure how the update is getting pushed, but if you've used any iDevice, you'll know if it's powered off and then put on a charger it turns on.
Re: (Score:1)
Yes but that's only the wake up part. Being placed on power won't trigger an update check as far as I know. Shrug, maybe it does but from casual observation of my phone vis a vis powering it and updates, I don't think so. 99% of my updates are me manually checking but my phone is on power at least twice a day.
I'd like more real info on what's really happening, it's probably ok but....
Re: (Score:1)
presumably this is just a wake-up nudge and from there it's just the phone's own auto-routines placed there since the factory, no real commands sent in other than a "do a phone home." so to speak
ironically, defending the sec/vuln side of this hinges on downplaying how simple and minor this is, so it will be amusing to see breathless descriptions of how incredible and complex this all is
there seems to be some people assuming old (extant) phones will have this functionality, but i expect the phone-home will n
Re: (Score:2)
Yeah, I'm not automatically reflexively wildly opposed. I'd just like more info to ease that vaguely uncomfortable feeling.
If this is a new thing then hopefully there is an easy way to permanently disable it. Automatic self disable upon initial setup would do it.
Re:Makes me feel a bit squidgy (Score:4, Interesting)
iPhones already have automatic updates on by default. If you don't trust the updates Apple is pushing out, you have a big problem because it's not like you can install Linux on current generation iOS hardware.
Apple could push out an update tomorrow that sends your personal information to China, your nudes to PornHub, and replaces your lockscreen photo with "Tim Apple" giving you the middle finger. You just have to hope they never find it in their interests to do such a thing. That's how it works when you own a device which runs on proprietary software and excludes you from the circle of trust. We were warned. [vimeo.com]
Re: (Score:1)
This is different. It turns it on and then forces an update attempt. That's new and currently unclear how this all works.
Re:Makes me feel a bit squidgy (Score:5, Interesting)
This is different. It turns it on and then forces an update attempt. That's new and currently unclear how this all works.
It's not unclear if you've set up an Apple Watch. It will turn itself on when put on the inducive charger and immediately begin looking for a phone to be paired with.
There's been rumors for awhile that Apple might ditch the physical charging port on iPhones at some point, so it makes sense they'd first implement some wireless equivalent of recovery mode. It's not really an attack vector without first bypassing Apple's cryptographic signature verification mechanisms. While Apple certainly has had their share of iOS security "oops" moments, it's not exactly Apple's first rodeo securing against those sort of vulnerabilities as they're discovered.
Re: (Score:2)
I haven't owned any watch since college.
Does the Apple Watch do that every time you put it on the charger or just on initial setup?
Omg, I hope they don't go wireless only for charging phones. There are many times I keep my phone on the wire such as long road trips running Waze where running out of power would be bad and I place the phone in a spot I can see it with a glance but it isn't distracting in my face the whole time. I also tend to burn down power to near zero a lot and then just plug it in while
Re: (Score:2)
This works until someone discovers a bug in the implementation.
Re: (Score:1)
Re:Makes me feel a bit squidgy (Score:4, Informative)
Re: (Score:1)
Turned on, yes, but turned on and then forced to download something with no user input?
Re: (Score:3)
Turned on, yes, but turned on and then forced to download something with no user input?
I am sure this can only be triggered on a pre-personalized phone.
Re: (Score:1)
I would hope so but I'd like to see confirmation of that before I get one of these.
Re: (Score:2)
I would hope so but I'd like to see confirmation of that before I get one of these.
Since NFC is part of the equation, this sure sounds like the Unmanned Update System is specifically designed to not allow Remote Updating.
Re: (Score:2)
A government could realistically hijack your updates with vendor cooperation, if you have your device set to auto-update; or possibly even if you don't.
Re: (Score:2)
Re: (Score:2)
In older-ish movies they just removed the battery.... progress.
Yup, why do you think we can't do that anymore. /conspiracy-theory
I know vendors like to say a non-removable battery and lack of a headphone jack is to make the phone (more) waterproof, etc... but my Kyocera HydroVIBE from 2015 (and used until 2021) had a removable battery and a headphone jack and was IP57 certified (protection against dust and water immersion for up to 30 minutes in up to 1 meter of water). The back cover, which could be popped off with your thumbnail to get to the SIM, SD and battery,
Re: (Score:2)
Hence, why we need removable batteries. :P
Re: (Score:1)
Re: (Score:3)
This is clearly nonsense. Staying connected to the cellular network or wifi requires energy, and without being connected there is no way to remotely do anything. If what you said was true, it would be easy to prove because a phone that is turned off would drain its battery after a week.
iPhones do keep their Bluetooth powered up when turned off, but in a low power mode, to enable "Find My" functionality, like an AirTag. Unless your definition of "remote" is "within several metres"...
I have built multiple pro
Re: (Score:2)
Re: (Score:2)
as a former cell engineer, I can safely tell you that ALL cell phones are capable of being turned on remotely.
Which is why I prefer phones with removable batteries and why phones don't have removable batteries anymore.
This is completely disrespectful in a society that deems itself "Free".
Re: (Score:2)
as a former cell engineer, I can safely tell you that ALL cell phones are capable of being turned on remotely
As the current lead engineer for Android's hardware security team, I can tell you that this is incorrect unless the device is specifically configured to do it, and I don't know of any that are.
Cellular radios are powered off completely when the device is turned off, as are Wifi radios, Bluetooth radios, NFC radios and UWB radios. The only way Apple can do this is with a very short-range field that is powerful enough to inductively couple to an antenna in the device and push in enough power to power up the
Re: (Score:2)
Most the time your phone will be turned on and then Apple can install updates anyway.
Re: (Score:1)
That's not my issue.
Re: (Score:2)
Re: (Score:2)
Yes, you can have it set this way, but there is any indication the Apple system works that way?
Re: (Score:2)
Great Attack Vector (Score:5, Insightful)
What Could Possibly Go Wrong?
Can't wait to wardrive through an Apple Store and jailbreak all their yet-unsold phones.
Re: (Score:2)
side load apps with it?
Re: (Score:1)
I'm curious how the update is happening. the powering on part is easy, that's already built into Apple devices. If powered off, it turns on when connected to a charger. I'd be surprised if it's not configured to verify and ensure it's only installing software signed by Apple.
Re:Great Attack Vector (Score:5, Insightful)
Presumably the update signature is checked the exact same way it is for every subsequent update that is sent to you (e.g. OTA cellular, wifi, usb, etc.). So what's the concern here exactly? If you trust the system enough to update over a random wifi / cellular / USB connection post-sale, then how is this any worse?
Re:Great Attack Vector (Score:4, Interesting)
Another problem is security research. Researchers tend to look for older devices still sealed in their packaging to confirm it both hasn't been messed with, and is running an older version of the OS / firmware they want to check against. This new development means that the manufacturing date on the box / device means nothing and it's a random guess as to what version they'll get.
Honestly, I'm wondering how this passes legal certification requirements? It's one thing if the owner of the device updates after the purchase, but it's another thing entirely to have the device legally certified at version X, update it in the store / warehouse to version X + N, and still market the device as legally certified. How does the manufacturer, in this case Apple, not have to recertify at that point?
Re: (Score:2)
"forced to sign a firmware update that they didn't want to by a government"
If we stipulate a forced firmware change is possible, do you actually find it plausible that you'd be able to find out so that for updates coming *after* you have taken possession you would be able to block such a compromised update *and also* that you'd also be able to find out that firmware installed before boxing was not compromised? If not, then this the presales update leaves you no worse off than post-sales updates.
Really, you
Re: (Score:2)
The issue is that an Apple of the future may be forced to sign a firmware update that they didn't want to by a government, who'd then be able to use mechanisms like this to ensure the iPhone was running the software the government wanted it to run.
That would never happen in a Free society... so why are you worried? ;)
Re: (Score:2)
The issue is that an Apple of the future may be forced to sign a firmware update that they didn't want to by a government, who'd then be able to use mechanisms like this to ensure the iPhone was running the software the government wanted it to run.
Wired vs wireless doesn't significantly change that issue. If the government can force Apple to do it wirelessly, they can force Apple to open and rebox the device.
Re: (Score:2)
If the government can force Apple to do it wirelessly, they can force Apple to open and rebox the device.
True, but why would the government want to force Apple to open and rebox something (as well as take the time and resources to do so) when they can just have it done on demand in any normal store where it's far less likely to draw attention from their targets?
By making this a commonly done practice, Apple has also made store staff taking devices off of the shelf for updates a normalized practice. That's definitely a significant change. Now someone quietly updating / otherwise messing with the devices you'
Re: (Score:2)
Re: (Score:2)
No master encryption key for any major software company has ever leaked or been fraudulently generated.
*snark*
Re: (Score:2)
Presumably the update signature is checked the exact same way it is for every subsequent update that is sent to you (e.g. OTA cellular, wifi, usb, etc.). So what's the concern here exactly? If you trust the system enough to update over a random wifi / cellular / USB connection post-sale, then how is this any worse?
We only know possibilities.
If the signature is compromised (without Apple knowing yet), with OTA updates someone has to additionally man-in-the-middle to present the device a fake update. With this, they still have to man-in-the-middle, but that may involve merely being near the devices in question. Meaning that anywhere in the physical supply chain there's an opportunity for someone to modify a shipment of phones.
The armchair security expert talk here is really just noodling. Yeah, probably Apple wi
Re: (Score:2)
We only know possibilities.
The definition of a risk is anything that can happen factored by how likely it is to happen.
Possibilities matter a whole fuckin' lot.
Re: (Score:2)
We only know possibilities.
The definition of a risk is anything that can happen factored by how likely it is to happen. Possibilities matter a whole fuckin' lot.
Oh, I agree wholeheartedly. That sentence was in response to "how is this any worse?" We don't know exactly how this is any worse and we don't know what the concern is exactly but I was trying to demonstrate that categorically there are examples of how this could be a problem and that there's value in not just saying "everything's fine".
Re: (Score:2)
In addition to codebase7's excellent answer, this increases the attack surface.
We have seen the USB interface exploited again and again to unlock iPhones. Adding the ability to turn the phone on and send a firmware update via NFC just opens up another interface to attack.
Re: (Score:2)
If you trust the system enough to update over a random wifi / cellular / USB connection post-sale, then how is this any worse?
Because I don't use "random wifi / cellular" connections to update my phone. I use encrypted cellular service on a dedicated secure network from my service provider, or a secure WiFi network which I own and operate the security for to update my phones.
This just eliminates the ability to control the device updates, and it hides any malicious acts behind the 'new phone experience' setup and packaging being sealed.
If you're updating your devices on public Starbucks wifi you deserve whatever you get. This
Re: (Score:2)
Re: (Score:2)
> A firmware-level access over a wireless connection?
Is it correct to assume that you update your phone over wired connections only?
On a side note. This really isn't a problem unless a serious flaw is discovered that needs to be fixed before the user is allowed to use the phone for any given amount of time. For vast majority of updates, this solution shouldn't be used at all.
Re: (Score:2)
Is it correct to assume that you update your phone over wired connections only?
Is it correct to assume you think an encrypted OTA update from my cell carrier is the same as someone unauthorized using a NFC or WiFi device to maliciously access a phone on a shelf in a box with no carrier and no OS running to protect it?
Also, OTA updates don't play nicely with custom ROMs, so yes, I often do update my phones and tablets over a wired connection.
Truly amazing! (Score:1, Flamebait)
Re:Truly amazing! (Score:4, Funny)
Re:Truly amazing! (Score:4, Interesting)
A personal tracking device that can be turned on or off by a remote entity at their convenience, running any app of their choosing (including updates to add/change/delete those apps). What could possibly go wrong?
Almost every car made in the past 3-4 years has all of the these same abilities. Your Ford, GM, Toyota, Lexus, Tesla, etc. can be started, from an app. That app doesn't talk to your car. It talks to a server at Ford. That server sends the instructions, updates, etc. to you your car/truck. That means F/G/T/L/T/etc. can start, update, or unlock your car anytime they want by writing some code on their end (if they don't already have it).
Now... apply that to tons of other devices. Cameras, TVs, routers, etc. This is not a new idea. They are just using it in a new and novel way.
Re: (Score:2)
Almost every car made in the past 3-4 years has all of the these same abilities.
It is almost surprising that these vehicles have people willing to purchase them. I imagine it is only possible because of low-information transactions. The fact that our government is not merely willing to allow this to occur, but actually encourage it, tells me all I need to know about the respect that is given to the concept of Freedom. "You can have SOME Freedom when it is convenient to allow it; but otherwise, we will keep an iron grip on what you can and can not do."
It will not be many more generation
Re: (Score:2)
This is not a new idea.
The new part is wirelessly powering on a device that is actually turned off. The cars you mention have always-on radios listening for that signal. This isn't a problem for cars because they have enormous batteries. Cellphones do not have always-on radios, because their batteries would be quickly depleted. What Apple is doing is exploiting their short-range wireless charging circuitry to push enough power into the device that it can power up Wifi radios and start listening for other commands.
You're holding your phone wrong. Again. (Score:2)
If you need a "template" to correctly position a box so wireless whatever works, it's not a very useful system, is it?
Also, how does Apple know if the update works? I'm presuming they have some type of monitoring in place, but what happens if either the update doesn't go through or the phone gets stuck in an unusable state? Will an employee have to open the box and do a manua
Re: (Score:3)
Apple can just log those nuances in their database and ping the phone to see if it has that OS version installed. If not, or if the phone is stuck in a boot loop, they could just trigger DFU mode to try again. (DFU = Direct Firmware Update. I
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
there are "templates" that help with positioning the various-sized iPhone boxes so the NFC and wireless charging will work
If you need a "template" to correctly position a box so wireless whatever works, it's not a very useful system, is it?
Also, how does Apple know if the update works? I'm presuming they have some type of monitoring in place, but what happens if either the update doesn't go through or the phone gets stuck in an unusable state? Will an employee have to open the box and do a manual install? What if the phone is bricked because of an update?
Hans Kristian Graebener = StoneToss
Just how far away do you expect NFC (hint:The "N" stands for "Near"), or "Wireless Charging" (hint: They use magnets to align phones properly on the charger-pad)?
Stacking the Boxes to expose those to the outside of the Pallet (?) makes perfect sense. . . If you understand.
Having said that, you do raise a good point about Update Verification. But I assume Apple built the antenna for that Handshake into the "Update Wand".
Been waiting for this (Score:4, Funny)
I see mostly benefit (Score:3)
I can't see people hacking this system - if it's a mix of an encryption key and wireless charging that's required, you're hardly going to bring a portable charger with you even if (well, let's be honest once) you've acquired the key.
A store could rotate unsold stock through the system to ensure whatever they sell is ready to go, and keep the update rack in the stock room out of the reach of vandals or other malicious actors.
I don't deal with Apple, but I do deal with other vendors who routinely ship things with firmware that still only supports TLS 1.0. I mean, WTF? That's not even old stock, that's not updating the image you install at time of manufacture and leaving your customers with a partially-functional device until they figure out what you didn't do. Gimme the updated-at-sale system, PLEASE.
Re: (Score:2)
I can't see people hacking this system
That is because, at best, you are a low resource hacker. If you had the resources of, say, a national government or a multinational business, hacking the system is much more doable. Compromise a few key actors within the Apple hierarchy, have them plant a little bit of code, and there you have it. A workable system whereby someone other than Apple has full control over your phone. Quite a bit easier than brute forcing SHA256 hash collisions... if you have the resources.
Or install a surveillance version in the box... (Score:1)
Published... (Score:1)
Next logical step for Apple (Score:2)
We already have zero-touch deployment using Apple / MDM tools - the minute the device powers on *out of the box by the user* it starts its MDM / profile / services / app enrollment. Huge help for enterprise and edu. This new version does it inside the closed box for phones.
Please make this a "user can kill" feature (Score:1)
Please, please make it so this is permanently (in hardware) disabled once the end user disables it.
Re: (Score:2)
Hack while still in box (Score:2)
The reason (Score:2)
Police have been dreaming of that power for 2 decades and now Apple delivers.
The real reason for in-box updates isn't customer OOBE, it's to change the OS into malicious compliance with whatever rule the EU parliament or bureaucrat in India, demands.
In my dad's day (Score:1)
Re: (Score:1)
And in our day the emergency services get an overwhelming number of automated calls whenever you dad puts his wrist watch on the bedside table or sits down slightly too fast. Progress!
There are no dystopian uses (Score:2)
There are no dystopian uses for this tech. None. None whatsoever.
Anyone claiming otherwise is guilty of thoughtcrime.
I would like a future where every device has a physical power switch and maybe a trivially removable battery.
Why? (Score:2)
My brain said NFC and wireless the second it was mentioned.
Sure, if you use the right software you can keep the power usage to a minimum in the box so heat isn't an issue, but we can already wirelessly charge devices, instruct them to wake from sleep, and send data to them. It's not even unusual on modern phones to have all those features.
The bigger question is whether its actually worth the effort. Next month there'll be another update anyway. If you updated in the background just while the user goes th
Sure, it's a little chilly (Score:2)
And lonely here on the counter. But at least I'm not in the pot anymore. If I were living in a benevolent culture, I might think differently.
What a great idea! (Score:2)
Now you can have malware injected while your iPhone is being transported!
It's not like Apple's low-quality software would contain vulnerabilities which would allow you to end up with an unopened iPhone that's been completely owned or anything!
No, that would never happen!
Honestly, does Apple specifically hire for 'stupid' or something?
What a great idea! (Score:2)
What could possibly go wrong?
Can it be turned off/disabled? (Score:2)
This is fine for stores to do it to unsold products. But as others have noted, I don't like ANYONE to have the ability to remotely power on my device and push software to it without any interaction or alerts. It can't be categorized as anything other than a security risk.