Apple plans to update iPhones in-store without opening the boxes

AppleInsiderAppleInsider
Posted:
in iPhone

Apple has come up with a way to update an iPhone still in its packaging, with a system allowing for iOS updates to be applied to unopened smartphones while still in an Apple Store.

iPhone 15 Pro on a box
iPhone 15 Pro on a box



One of the problems of buying hardware is that consumers often discover their devices need a software update straight out of the box. This can also apply to devices that have just launched, such as the iPhone 15, which needed an iOS 17.0.1 update that was released before the hardware actually shipped.

Writing in his "Power On" newsletter for Bloomberg, Mark Gurman claims that Apple has a system that can update the operating system of iPhones before they get sold. Crucially, it can do so without opening the box.

Consisting of a "pad-like device," store employees place unopened iPhone boxes onto it to trigger an update. The pad wirelessly turns on the iPhone, runs the software update, then turns it off again.

While only iPhones are mentioned in the report, it's plausible that the idea could be extended to other products in Apple's catalog.

It is claimed that consumers may benefit from the system at Apple Stores before the end of 2023.

Read on AppleInsider

Comments

  • Reply 1 of 17
    mikethemartianmikethemartian Posts: 1,433member
    So I guess iPhones and similar devices are never truly “off” except when the battery is drained.
    williamlondon9secondkox2watto_cobraspheric
  • Reply 2 of 17
    renfield33renfield33 Posts: 4member
    Makes sense - turn on the phone with magsafe charging then it probably automatically looks for an update if it hasn't been setup.  Probably need to leave it on the charging pad to keep the battery charged during the update.
    appleinsideruserwatto_cobra
  • Reply 3 of 17
    TheseusTheseus Posts: 1member
    I had issues with my new iPad yesterday trying to transfer over from my old one.  It stalled on the install. I had to stop the side-to-side and go to manual after it completed the update.
    williamlondonwatto_cobra
  • Reply 4 of 17
    MichaelKohlMichaelKohl Posts: 25member
    What are they thinking? I’m just waiting for someone to hack this process and then to be able to jailbreak our phones without us knowing about it. 
    williamlondondjeilerswatto_cobra
  • Reply 5 of 17
    davidmalcolmdavidmalcolm Posts: 395member
    I suspect this will also have a MagSafe pad on it to ensure the device doesn’t loose charge while it’s updating. I also suspect that it will have a way to communicate to the pad that the phone has successfully updated. 
    watto_cobra
  • Reply 6 of 17
    22july201322july2013 Posts: 3,652member
    MichaelKohl said:
    What are they thinking? I’m just waiting for someone to hack this process and then to be able to jailbreak our phones without us knowing about it. 
    The last time I ordered from an Apple store, the "free delivery" meant that Apple hired an Uber driver to make the delivery. A malicious Uber driver might be able to install malware. On the other hand, if Apple is using public key encryption and manages to keep its private signing key private, such a feature is possible to secure. Each iPhone could use a public verification key to validate the software before installing it. I suspect Apple is smart enough to do that.
    watto_cobrajony0
  • Reply 7 of 17
    9secondkox29secondkox2 Posts: 2,922member
    So I guess iPhones and similar devices are never truly “off” except when the battery is drained.
    Yep. Sounds a lot like a network “wake on LAN” but doesn’t use a typical network. 

    Another mechanism with good intentions that opens the door for nefarious operators to get in. 

    Not only does it turn on the device from a powered off state, it can not only instal software but install a whole new OS. Crazy. 

    I suppose the fact that account credentials haven’t been established yet in-store is what allows this. Apple must have hard-coded a mechanism here that doesn’t defeat a user established login/account. 
    edited October 2023 watto_cobranubusjony0
  • Reply 8 of 17
    B-Mc-CB-Mc-C Posts: 41member
    Sounds like this is just a custom NFC type of device that can initiate a device wake and a trigger of the existing automatic update process (with command-line-like switches to run it silently / without user input or prompts and to automatically power off the device once the process is complete). It probably only works on devices that are still booting up to the welcome screen and isn’t letting them download any OS they want to the device, but rather whichever version is currently signed and available via automatic updates. Presumably the bits are also cached at each Apple Store so it’s not pulling it from the internet each time. I don’t think we have to worry about widespread misuse of a tool like this; it is probably very well thought out. If this “special pad” were reverse engineered or stolen from an Apple Store, the worst it could probably do is wake up an iPhone still in the box and ask it to check for an automatic update, and only if within range of a pre-allowed WiFi network such as the Apple Store. Big deal.
  • Reply 9 of 17
    humbug1873humbug1873 Posts: 146member
    mikethemartian said:
    So I guess iPhones and similar devices are never truly “off” except when the battery is drained.
    Even if turned off the iPhone turns on when you put it on a MacSafe charger. Given that it is an external power source, it could trigger a startup. I would think such an external update device would do precisely that, providing magsafe power.

    So it is still off in package. Otherwise it would drain the battery while in transport which would be bad.
  • Reply 10 of 17
    longfanglongfang Posts: 495member
    MichaelKohl said:
    What are they thinking? I’m just waiting for someone to hack this process and then to be able to jailbreak our phones without us knowing about it. 
    And said hacker is going to be unnoticed while keeping your phone touching his hacking pad during said hack?
    mike1
  • Reply 11 of 17
    pscooter63pscooter63 Posts: 1,080member
    Honestly, I'd heard casual references to this process years ago in an Apple store... by an employee (undoubtably no longer working there).  Back when I bought an 11 Pro.  They were like, "yeah, we can update the software while it's still in the box".

    Just because it was new to Gurman doesn't mean it was truly new.  Perhaps it's the device itself that's newsworthy here?
    edited October 2023 beowulfschmidt
  • Reply 12 of 17
    sflocalsflocal Posts: 6,111member
    *China just entered the chat.

    I'm just waiting for the first news of hackers exploiting this.  
  • Reply 13 of 17
    MichaelKohlMichaelKohl Posts: 25member
    longfang said:
    MichaelKohl said:
    What are they thinking? I’m just waiting for someone to hack this process and then to be able to jailbreak our phones without us knowing about it. 
    And said hacker is going to be unnoticed while keeping your phone touching his hacking pad during said hack?

    Have you not ever seen a wireless public charger? So many of them built in to furnitures, tables etc. 

  • Reply 14 of 17
    MichaelKohlMichaelKohl Posts: 25member
    22july2013 said:
    MichaelKohl said:
    What are they thinking? I’m just waiting for someone to hack this process and then to be able to jailbreak our phones without us knowing about it. 
    The last time I ordered from an Apple store, the "free delivery" meant that Apple hired an Uber driver to make the delivery. A malicious Uber driver might be able to install malware. On the other hand, if Apple is using public key encryption and manages to keep its private signing key private, such a feature is possible to secure. Each iPhone could use a public verification key to validate the software before installing it. I suspect Apple is smart enough to do that.
    Uber delivery guy? What are you thinking? Think bigger! Have you never ever seen a public wireless charger in a hotel lobby, restaurant, airport lounge, fast food place etc?
  • Reply 15 of 17
    fastasleepfastasleep Posts: 6,447member
    So much paranoia in here. Uber drivers updating your phone on delivery! Cats and dogs, living together! There's nothing here that implies any security issue beyond what already exists. 
  • Reply 16 of 17
    beowulfschmidtbeowulfschmidt Posts: 2,256member
    pscooter63 said:
    Honestly, I'd heard casual references to this process years ago in an Apple store... by an employee (undoubtably no longer working there).  Back when I bought an 11 Pro.  They were like, "yeah, we can update the software while it's still in the box".

    Just because it was new to Gurman doesn't mean it was truly new.  Perhaps it's the device itself that's newsworthy here?
    Came here to say this.  Had a similar experience with my wife's 12.  She bought it just after an iOS update had dropped, and the new phone was already updated.  I asked about it, and the rep said much the same as yours did.
  • Reply 17 of 17
    22july201322july2013 Posts: 3,652member
    What are they thinking? I’m just waiting for someone to hack this process and then to be able to jailbreak our phones without us knowing about it. 
    The last time I ordered from an Apple store, the "free delivery" meant that Apple hired an Uber driver to make the delivery. A malicious Uber driver might be able to install malware. On the other hand, if Apple is using public key encryption and manages to keep its private signing key private, such a feature is possible to secure. Each iPhone could use a public verification key to validate the software before installing it. I suspect Apple is smart enough to do that.
    Uber delivery guy? What are you thinking? Think bigger! Have you never ever seen a public wireless charger in a hotel lobby, restaurant, airport lounge, fast food place etc?
    None of those wireless threats, including the Uber driver, have any meaning if Apple does what I said, which is "using public key encryption and manages to keep its private signing key private". It would take me several paragraphs to explain how public keys would work to implement this, so I'll just summarize it by saying each iPhone in its box would contain a public verification key that corresponds to a private signing key that Apple uses to sign its firmware updates. This way, there is no threat from any insecure network like hotel lobbies, fast food places, or Uber drivers, because none of them can sign firmware updates with the private signing key that is used to sign the MD5 hash on the firmware that is wirelessly delivered to the iPhone in the sealed box. That's perfect security, which can even protect iPhones from attacks by big governments, as long as Apple doesn't lose the private signing key.
Sign In or Register to comment.