I would like to see Apple implement a new firmware signing scheme that requires the user to sign the firmware using a key generated on that device and not backed up that is protected by the passcode etc. Once initialised the device will only accept updates signed with this key and upstream updates would be verified against the Apple key before being signed with the local key.
This would eliminate this vector and not drastically effect the usability of the device. Though it would also need a way to fully reset the device including the removal of this signing key in order to bring the device back to factory settings in the case of loss of the device specific signing key.
This would eliminate this vector and not drastically effect the usability of the device. Though it would also need a way to fully reset the device including the removal of this signing key in order to bring the device back to factory settings in the case of loss of the device specific signing key.