Having read the article, I still am unclear how the jade device ran / was updated using firmware that WASN'T signed by Blockstream.
I did understand that the malicious firmware would not survive a reboot, but HOW was the malicious firmware able to even be installed on the device if was not signed by Blockstream???!!!
I did understand that the malicious firmware would not survive a reboot, but HOW was the malicious firmware able to even be installed on the device if was not signed by Blockstream???!!!