Apple can now update iPhones in 15 minutes without unpacking them

[Redaktion]

Anyone who buys an iPhone directly from Apple will in future receive the smartphone with the latest software so that updates no longer need to be installed directly after unpacking. This is because Apple can now update iPhones in just 15 minutes without having to take them out of the box.

https://www.notebookcheck.net/Apple-can-now-update-iPhones-in-15-minutes-without-unpacking-them.825269.0.html

[Bizarro_NikoB]

Governments and law enforcement around the world rejoice as they now have a new tool to plant illegal content, spyware, and malware to crush dissent, wrong think, and political opposition under the color of law. 

[RobertJasiek]

While I understand your concern, I guess Apple uses some access rights key to allow on air updates. Until the key falls into the hands of states or criminals, they would not get access. As soon as the key propagates outside Apple, the total security gap might be there indeed.

[NikoB]

Robert, are you naive or are you deliberately playing the fool?
All asymmetric encryption systems used in a particular state are subject to state standards and obviously have a back door/back door for special services at the mathematical level.

This is the first.

Secondly, as practice has proven, leaks from manufacturers' websites lead to the possibility of massive attacks through such channels.

The entire edifice of modern "cryptography" is rotten to the core when it comes to the interests of the supreme kleptocracy in each country and in the world as a whole. And they, kleptocrats of all countries, certainly united on these issues.

[RobertJasiek]

All asymmetric encryption systems used in a particular state are subject to state standards and obviously have a back door/back door for special services at the mathematical level.

Please explain!

[Neenyah]

People not particularly fond of reading an article but are very trigger-happy to jump to conclusions, eh?

Anyone who buys an iPhone directly from Apple

Apple has begun integrating a new system called "Presto" into Apple Stores.

They will get updated that way only in official Apple stores in near proximity of Apple's hardware while being on the shelf, similar to wireless charging. They won't get updated in Wallmart or wherever they sell iPhones. So if government wants to spy or whatever there are way easier methods to do that than to wait for Apple to add this to their official stores and then sneak in and hack the system (lol).

[RobertJasiek]

If wireless updating works within Apple stores, what prevents it from working elsewhere if a presumably necessary access rights key is already leaked?

[Neenyah]

If wireless updating works within Apple stores, what prevents it from working elsewhere if a presumably necessary access rights key is already leaked?

Whitelisted devices (to make the update possible) which are whitelisted while being physically present inside of official Apple stores. If they get stolen you can bet that Apple is going to immediately blacklist them (and change potentially leaked keys). And who is going to steal the device; Best Buy so they can try to hack the device just to sell updated iPhones in their stores?

Check the video, it is well-explained here: PRESTO: Apple's New System for Updating iOS

Also the image from the article of the device with iPhones inside: https://www.notebookcheck.net/fileadmin/_processed_/f/c/csm_Apple_Presto_c10e2c5e3a.jpg

[Bizarro_NikoB]

People not particularly fond of reading an article but are very trigger-happy to jump to conclusions, eh?

Anyone who buys an iPhone directly from Apple

Apple has begun integrating a new system called "Presto" into Apple Stores.

They will get updated that way only in official Apple stores in near proximity of Apple's hardware while being on the shelf, similar to wireless charging. They won't get updated in Wallmart or wherever they sell iPhones. So if government wants to spy or whatever there are way easier methods to do that than to wait for Apple to add this to their official stores and then sneak in and hack the system (lol).

I see what you're saying. What stands out to me is this. Whats to stop a bad actor giving someone a sealed, never before used, still packaged phone under the guise of trust to set someone up or spy on them?

If the technology exists and has been patented, then the govt has access to that patent. Throw in five eyes and other countries can benefit as well. The govt can  use the patent to create their own devices to update OSes, but their updates introduce malware, spyware, or more importantly illegal or questionable content/metadata that can then be "found" or "flagged" allowing for more intrusive surveillance or even prosecution and what is the defense going to be "I know its child porn and I know it shows I visited those sites but I didnt and I dont know how that got on my phone."

Its the OS that gets updated, so u can technically replace the entire OS with a facsimile without the user ever knowing or touching their personal content but that facsimile introduces those other nefarious things. You can even partition illegal content to prevent access/visibility to the owner so they will never know its there but can be found under scrutiny if investigators know where to look.

And most people sadly will gladly hand over their phone if they feel they have nothing to hide trusting in the altrusim of institutions they have been told since birth that are noble, honest, and the good guys.

[RobertJasiek]

Whitelisted devices
[...] Check the video

While the video explains nothing, whitelisting can be a good concept. However, whitelisting can be implemented well or badly. Barcodes have been mentioned, but if that should be all for whitelisting, it is a very weak implementation because barcodes can be abused easily even if their source files do not leak. For a stronger implementation, the whitelisting certificates (and not just the device IDs) must be stored in the hardware and be safe against brute force. In that case, leaking from within Apple might be required. If managed properly, this would be hard. If managed poorly, it would only be a matter of time until desaster.

[Neenyah]

Yes Bizarro, I agree with your whole comment so I won't quote it whole to keep clarity here, but I'll quote just this part:

If the technology exists and has been patented, then the govt has access to that patent.

And that's exactly what I meant before with "if government wants to spy or whatever there are way easier methods to do that than to wait for Apple to add this to their official stores and then sneak in and hack the system".

So this, as it is now, is basically nothing different than it was before (because hacking servers where updates are "laying" is about equally easy as this here if there is involved someone with plenty of resource power behind such as government). It's still on people to judge for themselves how much do they trust Apple to keep the system safe (as they claim it to be).

[Neenyah]

For a stronger implementation, the whitelisting certificates (and not just the device IDs) must be stored in the hardware and be safe against brute force. In that case, leaking from within Apple might be required. If managed properly, this would be hard. If managed poorly, it would only be a matter of time until desaster.

Correct, I agree.

Device A (the device where iPhones are stored and where they get updated while being sealed in the package) is whitelisted. iPhones have their IMEI and other serial numbers, codes and such, probably a lot of different thing that only Apple knows in detail.

Device B is also whitelisted. Device B gets compromised somehow (stolen, hacked into, you name it...). Apple can automatically simply block all iPhones which were ever stored inside of it, just like they can block stolen iPhones and basically render them completely unusable (brick them effectively), by those mentioned numbers (IMEI & co.).

And given the fact that Apple loves money more than anything it's safe to assume that this move was done after making sure that the system is as safe as possible because it's easier to invest a loooot of money into securing their own system than a looooooooot more money to replace all potentially tampered devices and most likely get huge amounts of lawsuits.

[Bizarro_NikoB]

Yes Bizarro, I agree with your whole comment so I won't quote it whole to keep clarity here, but I'll quote just this part:

If the technology exists and has been patented, then the govt has access to that patent.

And that's exactly what I meant before with "if government wants to spy or whatever there are way easier methods to do that than to wait for Apple to add this to their official stores and then sneak in and hack the system".

So this, as it is now, is basically nothing different than it was before (because hacking servers where updates are "laying" is about equally easy as this here if there is involved someone with plenty of resource power behind such as government). It's still on people to judge for themselves how much do they trust Apple to keep the system safe (as they claim it to be).

Ah, ok. Yeah we're on the same page then. I agree.

[NikoB]

Whitelisted devices (to make the update possible) which are whitelisted while being physically present inside of official Apple stores. If they get stolen you can bet that Apple is going to immediately blacklist them (and change potentially leaked keys). And who is going to steal the device; Best Buy so they can try to hack the device just to sell updated iPhones in their stores?

I had a good laugh. If there is a key, what the hell are whitelists? The phone itself checks the correctness of the key; it does not know about any lists. If the key is considered current on it (and it cannot be otherwise), it will allow an update to the wrong software signed with the stolen key. The phone doesn't know that the key was stolen. )))

This is exactly how a couple of years ago all the keys for signing BIOS on MSI laptops of dozens of series were leaked. If the owner has not updated the BIOS, he can easily correct the BIOS code and sign his version with this key. The BIOS chip will happily accept this code, without knowing anything that the keys were stolen from MSI.

If there is a non-updated phone in the warehouse, it does not know anything about any listings.

Now at the customs of even "free" and "democratic" countries, including the United States, there are totalitarian requirements to present a smartphone, as soon as it falls into the hands of customs officers with such a system, they can implant you with anything, having access keys. Breaking an Apple server, which could lead to a massive scandal? For what? When now you can individually do whatever you want with the phone of any victim, as soon as it fell into the hands of government agents for a while...

[Neenyah]

Whitelisted devices (to make the update possible) which are whitelisted while being physically present inside of official Apple stores. If they get stolen you can bet that Apple is going to immediately blacklist them (and change potentially leaked keys). And who is going to steal the device; Best Buy so they can try to hack the device just to sell updated iPhones in their stores?

I had a good laugh. If there is a key, what the hell are whitelists? The phone itself checks the correctness of the key; it does not know about any lists.

And yet again you demonstrate the lack of ability to read, to think and to understand, but at the same time you are an expert in pulling particular sentence or two out of context and then doing your own random rant about it.

Whitelisted devices which run Presto, you clown, that's what I'm talking about and that's been clear to everyone here but you (shocking). Not iPhones.

If there is a non-updated phone in the warehouse, it does not know anything about any listings.

See? Your brain is simply permanently turned off, there is no other explanation, lol.