This is an interesting attack, and certainly looks highly successful in terms of allowing a determined hardware hacker to gain root/bootloader access to a device that the manufacturer has attempted to lock them out of. Glitching with a 6V supply on a 3.3V bus is certainly something I'd want to be a little cautious of if the hardware was more expensive than a $10 dev board - I wouldn't buy a $800 IoT fridge and use this to install alternate firmware just for fun, but it's nice to know it's possible in case my fridge stops working because the manufacturer declares it end-of-life. It's just not clear to me if or how this is a bad thing. The author writes:<p>> <i>This FATAL exploit allows an attacker to decrypt an encrypted firmware because he is now in possession of the AES Flash Encryption Key.</i><p>> <i>Worst case scenario, he is now able to forge his own valid firmware (using the Secure Boot Key) then encrypt it (using the Flash Encryption Key) to replace the original firmware PERMANENTLY.</i><p>> <i>This last post closes my security investigation on ESP32, which I consider now as a broken platform.</i><p>Isn't that a good thing for me as a consumer? I like the ability to decrypt and modify my own devices. I like that this is a permanent modification, unlike eg. dd-wrt where you have to prevent the bootloader from overwriting your software with that of the manufacturer.<p>The only thing I can think of that would be really bad is if I had a device with an ESP32 inside physically stolen then reinstalled by an attacker (or a counterfeit sold to me with malicious code from the vendor) and this exploit allowed them to get private data from my network to an Internet location. But they could already just buy or build their own device, ESP32 or not, to do that.<p>This is only bad for draconian IoT manufacturers who want to enforce their terms of service and artificial limitations on hardware they think consumers are leasing but consumers think they are buying.