Thanks i read it over.

My understanding is it relates to malicious 'modules' applied to the chip itself, probably through some sort of supply chain attack. It would require physical access to the chip/device and the installation of malicious firmware or updates that could be undetected.

The 'updates' would weaken the security of either interacting with private keys, or generating new ones not because the authentic modules are bad...

but if the device had been tampered with certain software functions would not work correctly and malicious modules could be added instead. There also seems to be some bluetooth vulnerabilities... but i don't know any bitcoin devices that use bluetooth explicitly.

Just goes to show the importance of open source review and testing. Thanks for the post!!!