by noonespecial 2406 days ago
If I'm not mistaken, buying one such device and tearing it down like this would yield keys that would let you create "official" firmwares for all of the other ones of their kind and set up a fake update site allowing you to remotely exploit all of the others, yes?

If so this is a fairly serious hack especially for devices that auto-update OTA.

3 comments

They should be permitting OTA only if the website they download from over TLS has a cert signed by the developer/manufacturer or at least a public CA with a CN matching the host name, so you'd have to physically access each device and not just MITM them.
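
The policy the comment above describes, as an added example that is not part of the thread: a device-side Python check that only trusts an OTA server when the TLS context has verified its certificate against the manufacturer's pinned CA and the certificate names the configured update host. `MANUFACTURER_CA_CN`, the host names and the sample certificate dicts are constructed for illustration.

```python
import ssl

# Constructed: subject CN of the manufacturer's private OTA signing CA.
MANUFACTURER_CA_CN = "Example Manufacturer OTA CA"


def make_ota_tls_context(cafile=None):
    """Client context that trusts ONLY the pinned manufacturer CA (no system
    store), requires a certificate and enforces hostname matching."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # check_hostname=True, CERT_REQUIRED
    if cafile:  # pinned CA bundle; without it no server can be verified
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def _names(entry):
    """Flatten getpeercert() RDN tuples into {attribute: value}."""
    return {k: v for rdn in entry for (k, v) in rdn}


def ota_server_allowed(peercert, expected_host):
    """Policy check on ssl.SSLSocket.getpeercert() output, run AFTER the
    context has verified the chain: the issuer must be the manufacturer CA
    (a plain string compare, so it is only meaningful once chain validation
    succeeded) and the cert must name exactly the configured update host,
    preferring subjectAltName over the subject CN."""
    issuer = _names(peercert.get("issuer", ()))
    if issuer.get("commonName") != MANUFACTURER_CA_CN:
        return False
    sans = {v for (kind, v) in peercert.get("subjectAltName", ()) if kind == "DNS"}
    if sans:
        return expected_host in sans
    return _names(peercert.get("subject", ())).get("commonName") == expected_host


# Constructed samples in the shape getpeercert() returns.
GOOD_CERT = {
    "subject": ((("commonName", "ota.example-vendor.test"),),),
    "issuer": ((("commonName", MANUFACTURER_CA_CN),),),
    "subjectAltName": (("DNS", "ota.example-vendor.test"),),
}
PUBLIC_CA_CERT = {  # valid-looking public-CA cert for some other host
    "subject": ((("commonName", "other-host.test"),),),
    "issuer": ((("commonName", "Some Public CA"),),),
    "subjectAltName": (("DNS", "other-host.test"),),
}
```
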
I'm not 100% sure but doesn't each device have its own keys burned at the factory?

So this hack will only work on a single ESP32.

That's not how public/private encryption works, which is what comes to mind when you say keys. Not that I have any clue how this actually works!