[discreditable]

> disabling user-loading of new firmware

Am I understanding correctly that these devices can never have their firmware updated? That there is no update mechanism seems insane. They could prevent bad firmware updates by wiping keys on upgrade. The risk now is that some firmware version is discovered to have flaws, and that device is vulnerable forever.

[pfg]

> The risk now is that some firmware version is discovered to have flaws, and that device is vulnerable forever.

This happened last year and they offered free replacements for affected users[1].

[1]: https://www.yubico.com/2015/04/yubikey-neo-openpgp-security-...

[davideous]

> They could prevent bad firmware updates by wiping keys on upgrade

This does not close the attack vector of someone intercepting the device before you get it and surreptitiously installing firmware with a backdoor.

[mpeg]

And then you are fucked because you can't update the firmware to the trusted, signed open source version.

[discreditable]

How do they do that to begin with?

[e12e]

There's been various news on this, like (first Google search I came across): http://www.geek.com/news/nsas-top-hacking-unit-intercepts-ma...

[jacobush]

Modify the hardware to look the same but with added features. Like a radio transmitter.