Why is it fair to assume this is only a concern when Apple publicly announces it if the whole concern is they won't publicly announce misuse? The phones already do things when off now e.g. Find My.

If by remotely, you mean physically touching the device, then one could say that it's remotely turning the device on.

I mean by remotely, what the article means by remotely:

"Consisting of a "pad-like device," store employees place unopened iPhone boxes onto it to trigger an update. The pad wirelessly turns on the iPhone, runs the software update, then turns it off again."

As in without contact with the device.

But they can already push updates OTA, and presumably this is subject to the same signing