That is easy, when you flash the firmware on many of the high security types of systems it increments a counter when the bootloader loads the new firmware. they simply look at the counter and see if it matched the last time it was in for an update or was reported on the last update.
It's as simple as a small cheap i2C eeprom hidden away on the system that is not easily read from the running OS. the hacker would haveto disassemble the system hardware and basically reverse engineer the board to discover it. I have seen them hidden under other chips to save board space, but doing that would hide it from most hackers.