Apple has come up with a way to update an iPhone still in its packaging, with a system allowing for iOS updates to be applied to unopened smartphones while still in an Apple Store.
So, there is going to be a backdoor that uses NFC to triger an update. And probably locally transmitted since the phones have no wifi credentials to connect.
I guess someone will find a way to flah a hacked version of ios onto unsuspecting users buy placing iPhone's on his NFC updating device. I hope they at least disable that feature as soon that the phone has an account associated. But again someone could install malicious ios version in store, you buy a new iPhone and it's already hacked before you got it !