This is a full damage contain mode PR article. That said, I do agree that what was presented doesn't mean all ledger's are compromised and or as vulnerable as claimed.
A few attack vectors have been shown that weaken the overall security: When you buy a ledger and you get a box with "tamper proof stickers" and installation software that "verifies the genuine hardware" you don't expect those features to be as circumventable as they are. If ledger knew they were bad/worthless they should have been informing their users about it / removing them.
Also the article states that:
> It is quite an unpractical scenario, whereas it might be easier for a motivated attacker to install a camera in the room to look for the PIN entry.
That's a scenario end users understand and can try to defend themselves again (cover the thing with your other hand). This video proves there is are different attack vectors no one was expecting that is harder to protect against.
> In particular they did not succeed to extract any seed nor PIN on a stolen device. Every sensitive assets stored on the Secure Element remain secure.
I'm not sure they ever claimed that. When I buy a hardware wallet I want it to protect my coins. For me it doesn't matter whether they get stolen through stealing the private key, or through completely owning the wallet and sending coins to hackers when I think I am sending coins to my friend.
Also I am not sure about:
> This scenario requires:
> [..]
> Physically waiting in a side room with an antenna for the victim to enter his PIN and launch the Bitcoin app.
Why does the attacker needs to be there physically? I don't see why this whole thing can't be automated on a raspberry pi that you shove above the ceiling (which is clearly harder to detect than a camera).
E.g Livox mid 360 https://store.dji.com/en/product/livox-mid-360