Comment by simgt

5 days ago

Very nice article!

Every time I was part of a team designing IoT devices, there would be a slightly more security-focused engineer who would manage to have some level of protection for the boot. I'm surprised there was no resistance here to dump and reflash the firmware. Why would they not even bother encrypting the flash? How common is that?

It would have been nice to give the product name.

> I'm surprised there was no resistance here to dump and reflash the firmware.

Some devices are purchased because their firmware is easy to replace. Upcoming regulations on IoT cybersecurity might make it harder to sell such devices. ESP32-based devices have been successful in several niches: https://hn.algolia.com/?query=esp32