For me personally, the fact that they can enable the device, update it, and disable it while it is sealed is creepy.
Apple is usually not completely stupid about things like these. They will likely design it in a way that this only works e.g. before first activation/on iPhones that do not currently have a user account or with similar safeguards to not leave a gaping hole in device security.
Well, if you think about how the iPhone is boxed, the back of the phone is facing the top lid with nothing in between. All Apple has to do is throw a wireless charger on the top of the box and the iPhone will power on by itself (which it does when you attach a wireless charger and it’s powered off already), so… that’s 90% of it right there.
I suppose all they have to do after that is make the setup software go “hey, am I near Apple Store WiFi?” and if the answer is yes then it’ll launch the update process without user interaction.
Not too exciting really.
Edit: to be clear, if you have a password configured your iPhone can never be updated without entering that password (unless you wipe all user data). So since the only time your iPhone doesn’t have a password should be during setup, there’s no risk of this happening after setting up your device.
So is there no real risk for a malicious official software update mandated by a government to disable software protections in place?
What if this “update” happened in your phone on a Peoples Republic of China territory? Will Apple refuse their “lawful” request to make an Apple signed official software update to downgrade your encryption?
Well, in this case I believe we can simply point to their past history in this matter. Where, assuming true, they refused to push an update that would allow unlimited unlock attempts.
Now that updating is not possible in the locked state after first boot, it alleviates a large amount of concern on my end. It used to be possible to download images and verify them manually before pushing the update through iTunes. Is that still possible?
Out of curiosity, are there any other benefits to updating before a user opens the box not mentioned in the article? I feel like it’s something most users expect to need to do, so I’m curious as to why it would be such a large focus.
The device itself will still prompt you for your password during the install process if you do this, so there’s no way to install an update without the user being aware of it happening.
So, @HauntSanctuary, there’s a risk of such an update being made yes, but there’s no risk of that happening without you consenting to install the update yourself by entering your password.
In this case it was for the FBI trying to unlock an iPhone 5c, which did not have a Secure Enclave (which is what enforces the password requirement on modern phones). Apple chose not to create a malicious update in that case, but nowadays they can’t even if they did want to.
lol hire me Linus