Any hardware wallet could have implemented anti-exfil signing at any point in the last 5 or more years, with minimal/no UX change. The fact that none bothered is sheer incompetence bordering on maliciousness.