Model One* sorry, fuck
Model One has no SE. Coldcard has SEs known to be broken and is also vulnerable to supply chain attacks.
The Tapsigners are more secure than them and use a proper SE-chip.
Discussion
My model 1 is my oldest device and i still use it for multisig because the thing refuses to stop working. I don't haven't even updated it in like 8 years, lol. There's nothing wrong with the Mk4 and the security model also isn't 100% dependent on the SEs, keys are based on a handshake between 3 segregated parts of the device.
And all 3 parts of the device are proven to be weak.
I work on secure elements.
The secure elements used by the Mk4, one of them is a dated platform that had a low security level even at the date of release.
The other is also in the same bucket, and to make it worse is made by a company with low SE experience.
MCUs are trivial to extract secrets from, there’s more documented attacks than I can count.
It doesn’t matter if you could easily execute a supply chain attack though, which you can.
Which hardware wallets do you recommend?
Worst for security, Coldcard, BitBox, Trezor Model One.
A bit better is the Foundation Passport Core but many of its features are pointless.
Better is Ledger Nano S, anything from Trezor with a SE, Satochip, or the device that I am working on (unreleased)
I can’t say any of them are ideal though, not yet.
+1 on Bitcoin Nora’s question.
Well, I'm not at all worried about it and would generally disagree anyway. Literally every "exploit" or "weakness" i've read about over the years for almost all major hardware devices (ignoring the literal trash) are such specific situations or conditions that it feels pointless to argue, imo. but I'm not that invested in the nuance here anyway and its why i use multisig, so i don't have to care that much.
Multisig fixes 99% of problems.