Apple stores to update products in their boxes

Originally published at: Apple stores to update products in their boxes | Boing Boing

…

For years now NASA has been launching Mars rovers before their software has been finished, then transmitting software updates mid-flight on the way to the planet. So I guess there’s precedent for this kind of thing.

Hmmm. And I’m questioning if it would be easy to install malware on a device without opening the box…

Apple has a very strict system of checking digital signatures before updating or running anything. To install malware through the packaging, you’d have to cryptographically break their update mechanism. Which hasn’t happened in many, many releases of iOS. It’s not like the jailbreak era of about 13 years ago, and hasn’t been for a long time.

Fair enough but is the “turn the thing on” aspect within that same protection? If not, so much for protecting one’s self from spies by turning the phone off.

“pad-like device” sounds like NFC or something similar. You’d need to seriously boost that signal to get that to work.

Speaking as a multi-decade network and infrastructure engineer who is familiar with other iterations of this technology such as wake-on-lan and the like, this is very likely not nearly as scary as it sounds. Today, plugging in your phone will turn it on (which, frankly, anyone with physical access could do by holding in the side button anyway), so I’d imagine they’d just extend this to “if you receive a wireless charge, turn on”. The update mechanism I’m sure is going to be some sort of pull mechanism (or at least a pull-probe) that tells the phone to fetch an update, going through the exact same rigorous safegards apple (and other os vendors) already have in place to ensure that only valid updates are installed.

In fact this may be more secure in some ways, because there’s no usb-based exploit possible in this case that is a common vector for malware to begin with,

I hadn’t even considered this in my comment, and it makes just broadcasting the signal to turn it on even less likely.

Which one can verify by taking a “new in box” iPhone and putting it on a Qi (or MagSafe) charger and seeing if it turns on.

I would imagine it does because if I take a non-new in box iPhone and turn it off and then put it on either a Qi or MagSafe charger it turns on.

The MagSafe chargers also have a little ID dance so the phone can have slightly different behaviors (showing a “charge ring” in the same color as the charger for example, or go into a info display mode that has distinct settings of each MagSafe charger…so I imagine they could have a set of IDs that cause a phone to look for a signed OS update in “the normal places” oh and connect to a WiFi with “the normal ID”. Alternately they could use UWB to transmit an OS image, and still verify it in “the normal way”.

The interesting thing would be getting a small enough amount of packaging between the phone and the packaging that you could actually provide it with a useful amount of power without unboxing it.

At another company we had made some efforts to support pre-customer OS upgrades, and power was always the sticking point. We didn’t have any Qi power on most of our products though. We did a trial run of adding it to a WiFi router that wouldn’t otherwise have use for Qi power just for pre-shipping OS upgrades. Maybe a smart speaker as well.

It didn’t pan out for us at the time. I can absolutely see it being viable for a device that already has Qi power. The packaging is the key though. You can have enough to protect the product, but not a lot…

(we didn’t use UWB to upload images, but I don’t doubt that it could be done, we used WiFi and out main focus was doing it on a conveyer belt, or as a stop in a process that involved delivering a whole bunch of units to a fixed location and then having a fixed amount of time before the items had to be removed. The less time the better, and having it be a predictable amount of time is better as well. So you wanted to get the items onto the power feed and estimate how long it took together them enough power to complete the process, and if it took less time then the actual completion you could remove them when they had enough power to finish, not when they had completed. So “drop the bottom layer here, wait 7 minutes, then pout them on the pallet, they can move on from there…” if say 7 minutes was long enough to get a charge and maybe download the OS even if it takes another 5 minutes for it to verify the OS load and upgrade, they can do that on the battery power they got in that 7 minutes while being stacked for shipping.

From what I’ve seen, charging range is mostly a function of power output of the charger, so if you have a sufficiently powerful charging pad you can probably reach through a reasonable amount of packaging - or, as you alluded to, simply rework your packaging. Honestly I think you could get away with a cylinder of air in the packaging between the wireless charging antennae in the phone and the pad; and you always know where the phone’s going to be because you build it and put it in there.

Very much so. Apple has been battling the jailbreakers for fifteen years, and have gotten very, very good at securing the boot sequence.

This topic was automatically closed after 5 days. New replies are no longer allowed.