The article postulates that a screen only protects against an address being swapped between the companion app and the hardware wallet. I don't see a discussion of the companion app being compromised, which is one of the scenarios a hardware wallet is supposed to protect against. After all, if the companion app cannot be compromised, why use a hardware wallet in the first place? At WalletScrutiny.com, we tag products without a screen as "No interface to authorize transactions". The following attack is possible with all such devices. While the presence of an input device like a button or a fingerprint sensor can help to raise suspicions, NFC cards without a button can be attacked almost completely undetectable. Let's say the release manager of the companion app gets under duress and forced to steal all the funds of all the users. He could change the companion app such that the first signing of a transaction is not shown on the companion app screen so the unsuspecting user presses that sign button again - we all know how NFC doesn't always work on the first try. The first transaction is "pay that coffee". The second transaction is "send all the rest from all accounts to this address, please. And don't worry about any spending limits.". The first transaction gets broadcast. The second transaction gets phoned home to the attacker but else disregarded on the app. Now the attacker can collect valid transactions that wipe balances until somebody realizes what's going on. The attacker would simply wait for funds "under management" reaching some maximum at which point he sends all these transactions to the blockchain.