Why can’t I just buy the phone, take it home and update it myself
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Here's What Apple Retail's New Machine to Update iPhones in the Box Looks Like
- Thread starter MacRumors
- Start date
- Sort by reaction score
Well it seems many people on here are against that… all my comments about not really liking this from a security aspect have been savagely downvoted 🤔
At the end of the day its up to us what we buy or don't buy. I feel like this is an additional process thats just the last of our priorities.
I admit I am no expert on this topic, but how is this not a potential security issue?
In other words, how can Apple guarantee that someone (e.g. the NSA) won't build/steal/buy a similar machine to update phones to a new, custom OS (that NSA created) that is less secure?
Before you say "only Apple can sign the software", the whole argument about why you can't create backdoors for government agencies hinges on the idea that no keys can be guaranteed to stay secure by anyone.
In other words, how can Apple guarantee that someone (e.g. the NSA) won't build/steal/buy a similar machine to update phones to a new, custom OS (that NSA created) that is less secure?
Before you say "only Apple can sign the software", the whole argument about why you can't create backdoors for government agencies hinges on the idea that no keys can be guaranteed to stay secure by anyone.
So this bothers me.
One of the ways that devices get hacked is by installing fake/modified software updates. Apple has been building in a lot of authentication requirements before upgrades are performed, but now there's a way to do it to a device - without physical connectivity - and without authentication.
I really want to understand what they're doing to prevent malicious/modified software builds from being applied to configured devices.
One of the ways that devices get hacked is by installing fake/modified software updates. Apple has been building in a lot of authentication requirements before upgrades are performed, but now there's a way to do it to a device - without physical connectivity - and without authentication.
I really want to understand what they're doing to prevent malicious/modified software builds from being applied to configured devices.
Lol what? If Apple is working at the behest of an "agency or government" they can do literally anything, including physically opening the box and then re-sealing it, or flashing whatever firmware they want directly off the assembly line.
I guess if you never install any app (where Apple can package in whatever they like) or any iOS update, and the installed iOS version has never any drive-by vulnerabilities, and there is no way via hidden mobile carrier settings updates, then yes. But that seems unlikely and very limiting.
Because the machine doesn't install the software, it just turns the phone on and the phone connects to Apple's servers for the update. Unless Apple's servers are compromised, this isn't an issue (and if they are, we have far bigger issues).
Thing is… the version of iOS being old would be the least of my concerns. What would be more concerning is that the battery might have been sitting empty for a prolonged period, which we all know can affect its health. If its sitting for 6 months or so like that, probably not an issie. But 12 months plus… well if im buying a new iPhone id want a “new” battery.
So iPhones can accept updates without user knowledge… you could in theory take someones iPhone… and “update” it.
Unlikely, but a possibility. Governments could see this as an amazing capability 😂
It’s not without authentication. It probably uses the same authentication as for regular updates. As in, updates are signed by Apple, and the iPhone verifies the signature, which authenticates the update. Those cryptographic signatures are safe and cannot be faked. It’s the same reason why we can’t install older iOS versions, because Apple stops signing them.
No there isn't. All this thing does is turn the iPhone on and allow it to connect to Apple's update servers (or, more likely, a local version that contains the latest update); it doesn't install the update itself.
I don't know why you're so passionately against this when you apparently don't understand how any of it works. Yes, these phones can install updates signed by Apple without user intervention, which makes perfect sense considering they don't yet have users.
So yes, a bad actor could steal one of these devices, steal your iPhone, and force it to update to the latest signed version of iOS. GASP! Or they could, ya know, not steal this device, steal your iPhone, and do any number of actually bad things with physical access to your device.
Damn you, Apple. You're ruining the unboxing (and updating) experience for YouTube reviewers 😂
I would guess/imagine the machine just turn on the phone to check and proceed with an OTA update if available... the update wouldnt come from the machine itself.
I suppose it's meant to speed up the set up experience, so you don't have to wait for it to download and install an update while you're eagerly waiting to use your new phone.
This is great. Annoyed when I get a new phone and the first thing I have to do is update it.
You will have to update it many many times during its entire life
I read this and thought "how many times can this be done before the battery dies?" - then I remembered iPhone has had wireless charging for over six years and I've never bothered with it 😂.
I don't really get the negative and suspicious reactions to this. How is this different than any time you accept an update from Apple? I guess people just like to feel like they're in control by being the one who taps "install", but you're buying an iPhone, so no matter what it's coming out of the box with an OS, firmware, and software that Apple put on it
The problem really comes down to someone getting a phone and going to restore from a backup, but the phone was on an older iOS version than their most recent backup. It is a big issue in the stores.
It would still be needed, if the release date for the device and iOS are to be the same. Some devices are manufactured months before the release date and you wouldn't want to delay production just so you can have final software on them. And then, you'd still need to stop releasing any software updates at all until your stock runs out and only then start manufacturing a new batch of devices.
Software quality issues are real, but anything they update BEFORE selling the devices is absolutely fair game. It's the quite the opposite of your example of releasing unfinished games.