Re: Why Trev Pott is wrong - a privacy advocate's view
"Unless they can break into Apple and steal the key used to sign iOS updates. Hopefully Apple restricts access to that to a few people, and keeps it on an air gapped system, but obviously I have no knowledge of their procedures."
If the bad guys want something badly enough, they'll hire insiders. Or find weaknesses. Remember, at least one of Sony's PS3 private keys got compromised and more and more malware is being signed with genuine keys that were likely stolen (so they not only can pass authentication checks but also can't be voided without collateral damage), so it's not outside the realm of reality.