Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So many questions. Is the update pre-loaded on the "pad" that activates the software update protocol?

If not, then does the pad setup a WiFi connection to the store to remotely download it and then install?

Seems like another attack vector for NSO to exploit and add to their arsenal of government oriented spyware.



I’m guessing the pad hooks up to something like an iPad, and the “update pad” has a Secure Enclave of its own. So probably end to end physical security there


I mean it doesn’t really matter. They could use simple public Wi-Fi that’s unencrypted and it would be fine.

Apple already covers the entire boot process and all the OS updates with digital signatures. They can be absolutely sure that no one has tampered with the download and that it was produced by Apple.

They don’t really need a special iPad serving the update to make it secure.

(of course none of this applies if someone figured out how to break digital signatures, but if they did we’re all screwed anyway)


Count on the NSA being able to find a way. Poster is right, this is another attack vector. Being new and unopened is no longer even the weak reassurance it once was.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: