by the8472 173 days ago
Couldn't they ship pre-compromised? Storing the RNG seed and private key at the factory.
2 comments

Devil’s advocate: How do they map that data to a user when you are buying through a maze of resellers?
They don't; they try against all the keys. There are at most a few billion of them.

See Dual_EC_DRBG.

It won't be as easy as that because you can generate a private key multiple times and notice it's the same.

However, yes, very limited entropy in the private key is much harder to detect, especially because on this kind of device you can't see the private key directly.
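The trade-off in the last two comments, worked through as an added example that is not part of the thread: how many times an owner would have to regenerate a key before a repeated public key reveals a small key space. The key generator is a constructed toy (SHA-256 stands in for real key derivation), all function names are hypothetical, and 32 bits is an assumed model of the "few billion" keys mentioned above.

```python
import hashlib
import math
import secrets

def device_keygen(entropy_bits: int) -> bytes:
    """Constructed toy device: the key depends on only `entropy_bits` of seed.
    Returns a stand-in public key; the private key never leaves the function,
    mirroring a device that does not expose it."""
    seed = secrets.randbelow(1 << entropy_bits)
    private = hashlib.sha256(b"seed:" + seed.to_bytes(16, "big")).digest()
    return hashlib.sha256(b"pub:" + private).digest()

def first_repeat(entropy_bits: int, max_generations: int):
    """Regenerate keys until a public key repeats.
    Returns the generation count at the first repeat, or None if none was seen."""
    seen = set()
    for n in range(1, max_generations + 1):
        pub = device_keygen(entropy_bits)
        if pub in seen:
            return n
        seen.add(pub)
    return None

def detection_probability(entropy_bits: int, generations: int) -> float:
    """Birthday approximation: chance that `generations` keys contain a repeat."""
    space = 2.0 ** entropy_bits
    return -math.expm1(-generations * (generations - 1) / (2.0 * space))

def generations_needed(entropy_bits: int, confidence: float = 0.5) -> int:
    """Approximate regenerations needed to see a repeat with probability `confidence`."""
    space = 2.0 ** entropy_bits
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - confidence))))

if __name__ == "__main__":
    # A fixed key is caught on the second generation.
    print("0 bits :", first_repeat(0, 10))
    # A tiny key space is caught after a few dozen generations.
    print("16 bits:", first_repeat(16, 5000))
    # A "few billion" key space: a handful of regenerations shows nothing.
    print("32 bits, 10 tries  :", detection_probability(32, 10))
    print("32 bits, 50% chance:", generations_needed(32), "generations")
```

A run with no repeats only bounds the key space from below, at roughly the square of the number of keys generated; it does not show that the space is full-size.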