The ‘weak spot’ as stated by one of the safest hardware wallets out – the TREZOR, only applies to versions “lower than 1.5.2”.
Just to feel at ease even that there is no detailed explanation, it is reported that only physical theft of the ‘wallet’ could be of any malicious actors to potentially compromise devices:
“It is important to note that this is not a remote execution attack,” the email to customers explains, which is available as a blog post here.
“To exploit this issue, an attacker would need physical access to a disassembled TREZOR device with uncovered electronics. It is impossible to do this without destroying the plastic case.”
The blog and email continued with that the “coins are safe” within the devices for as long as they are kept within the owners grasp.
As rumors and theories are spreading out already on social media about the above-mentioned email and information, TREZOR pointed out to wait for more information that will be presented to the users.
“Trezor so far greatly downplays the importance of this hack,” a Medium post claiming to have instructions for how to compromise 1.5.2 devices reads.
“There is no long-term access needed to copy all your secret information from Trezor using this hack; it can be done just in 15 seconds.”