As I understand, some IoT devices verify the integrity of firmware updates downloaded from the internet using the checksum of the file before installing the update, making it impossible for attackers to perform a man-in-the-middle attack and modify the firmware in-air.
This does not make much sense to me, because how does the IoT device know the correct checksum? Surely, the update server would need to transmit the checksum along with the firmware update, and if the attacker is in a position to modify the firmware update, they could just as easily modify the transmitted checksum to match the modified firmware.
I would very much appreciate it if someone could explain how those integrity checks work.
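The distinction the question is circling, as an added illustration that is not part of the original post: a checksum shipped next to the image protects only against accidental corruption, because anyone on the path can recompute it, whereas a verifier that depends on a key the device already holds (and that is never sent with the update) cannot be recomputed by a party that lacks the key. The example below uses an HMAC with a factory-provisioned secret as a stdlib stand-in for the asymmetric signature most real update schemes use (private key at the vendor, public key burned into the device); the structure of the check is the same. The firmware bytes, the key, and the package layout are all constructed for the demonstration.

```python
"""Checksum-beside-image versus keyed tag for firmware update verification.

Added illustration; firmware bytes, key and package layout are constructed.
"""
import hashlib
import hmac
import secrets

# Constructed stand-in for a firmware image (not a real binary).
GENUINE_IMAGE = b"constructed firmware image v2.0"


# --- Scheme 1: plain SHA-256 checksum published next to the image ---------

def publish_with_checksum(image: bytes) -> dict:
    """Update server ships the image and its SHA-256; anyone can compute this."""
    return {"image": image, "sha256": hashlib.sha256(image).hexdigest()}


def device_accepts_checksum(package: dict) -> bool:
    """Device recomputes SHA-256 of what arrived and compares it to the field
    that arrived alongside it. Both values came over the same channel."""
    actual = hashlib.sha256(package["image"]).hexdigest()
    return hmac.compare_digest(actual, package["sha256"])


# --- Scheme 2: keyed tag; the verification key lives on the device -------

def provision_device_key() -> bytes:
    """Factory step: a secret is burned into the device and kept by the vendor's
    signing service. Constructed at random here; in production it is provisioned
    once and never transmitted with an update."""
    return secrets.token_bytes(32)


def publish_with_tag(image: bytes, signing_key: bytes) -> dict:
    """Update server ships the image plus an HMAC-SHA256 tag under the vendor key."""
    tag = hmac.new(signing_key, image, hashlib.sha256).hexdigest()
    return {"image": image, "tag": tag}


def device_accepts_tag(package: dict, device_key: bytes) -> bool:
    """Device recomputes the tag with its own provisioned key; mismatch rejects."""
    expected = hmac.new(device_key, package["image"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, package["tag"])


# --- In-transit modification, as the question describes ------------------

def substitute_in_transit(package: dict, replacement_image: bytes) -> dict:
    """Model an on-path party that swaps the image. A field computable from
    public data (the checksum) is simply recomputed to match. The keyed tag
    cannot be recomputed without the provisioned key, so the best available
    move is a tag under some other key, which the device will reject."""
    modified = dict(package)
    modified["image"] = replacement_image
    if "sha256" in modified:
        modified["sha256"] = hashlib.sha256(replacement_image).hexdigest()
    if "tag" in modified:
        unrelated_key = secrets.token_bytes(32)  # not the device's key
        modified["tag"] = hmac.new(unrelated_key, replacement_image,
                                   hashlib.sha256).hexdigest()
    return modified


def demo() -> dict:
    """Run both schemes through the same substitution; return the device verdicts."""
    key = provision_device_key()
    replacement = b"constructed replacement image"

    checksum_pkg = substitute_in_transit(publish_with_checksum(GENUINE_IMAGE), replacement)
    tag_pkg = substitute_in_transit(publish_with_tag(GENUINE_IMAGE, key), replacement)
    genuine_tag_pkg = publish_with_tag(GENUINE_IMAGE, key)

    return {
        "checksum_scheme_accepts_modified": device_accepts_checksum(checksum_pkg),
        "tag_scheme_accepts_modified": device_accepts_tag(tag_pkg, key),
        "tag_scheme_accepts_genuine": device_accepts_tag(genuine_tag_pkg, key),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Running `demo()` shows the checksum scheme accepting the modified image while the keyed scheme rejects it and still accepts the genuine one. The property that matters is not which hash is used but where the verification secret lives: on the device, fixed before the update is fetched, rather than in the download itself. With an asymmetric signature the device holds only a public key, so compromising a device does not yield the ability to produce valid updates for others, which is why signatures rather than shared-secret MACs are the usual production choice.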