What is more impressive than the over supply chain attack is the utter stupidity of hezbollah. How the hell does an organization like that deploy thousands of copies of a device without a precautionary teardown and basic security checks? This kind of attack is not new. Google yahya ayyash. Regarding hardware signing devices, maybe we should separate the selection and storage of private keys, reducing the risk by orders of magnitude.